CVE-2025-0376 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

2.4%

top 15.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedFeb 12

Description

An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5gitlab/gitlab13.3 — 17.6.5+2

▶NVDgitlab/gitlab13.3.0 — 17.6.5+2

▶debiandebian/gitlab< gitlab 17.6.5-1 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-8rmw-8cch-2w5c: An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13↗2025-02-12

▶

OSV

CVE-2025-0376: An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13↗2025-02-12

▶

📋Vendor Advisories

GitLab

CVE-2025-0376: An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allow↗2025-02-12

▶

Debian

CVE-2025-0376: gitlab - An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 pri...↗2025

▶