CVE-2019-5467Cross-site Scripting in Gitlab

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 78.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GitlabGitlab CE EEDebian Gitlab+1 more
Timeline
PublishedSep 9
Latest updateMay 24

Description

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

NVDgitlab/gitlab11.11.211.11.7+2
CVEListV5gitlab_ce/eeAffects GitLab CE/EE 11.10 and later. Fixed in 12.1.2, 12.0.4, and 11.11.6
debiandebian/gitlab
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-xg29-cfqc-hqpr: An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS2022-05-24

📋Vendor Advisories

2
GitLab
CVE-2019-5467: An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulne2019-09-09
Debian
CVE-2019-5467: gitlab - An input validation and output encoding issue was discovered in the GitLab CE/EE...2019