CVE-2019-15724Cross-site Scripting in Gitlab

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 70.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedSep 16
Latest updateMay 24

Description

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDgitlab/gitlab11.10.012.0.8+2
debiandebian/gitlab
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-5jcx-pvq7-vfwp: An issue was discovered in GitLab Community and Enterprise Edition 112022-05-24

📋Vendor Advisories

2
GitLab
CVE-2019-15724: An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.2019-09-16
Debian
CVE-2019-15724: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 11.10 through...2019