CVE-2020-10092 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 72.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedMar 13

Latest updateMay 24

Description

GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDgitlab/gitlab12.1.0 — 12.8.1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-4mm8-64px-38hf: GitLab 12↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2020-10092: GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.↗2020-03-13

▶

Oracle

Oracle Oracle Virtualization Risk Matrix: Web Server (Apache HTTPD Server) — CVE-2019-10092↗2020-01-15

▶

Debian

CVE-2020-10092: gitlab - GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was ...↗2020

▶