CVE-2020-10076 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 72.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedMar 13

Latest updateMay 24

Description

GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDgitlab/gitlab12.1.0 — 12.8.1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-7mrh-q55x-m4mh: GitLab 12↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2020-10076: GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.↗2020-03-13

▶

Debian

CVE-2020-10076: gitlab - GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerabili...↗2020

▶