A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.
History
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Gitlab; Gitlab gitlab | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products | Gitlab; Gitlab gitlab | |
Thu, 08 Aug 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Thu, 08 Aug 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | |
Title | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | |
Weaknesses | CWE-79 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-08-08T10:31:12.873Z
Updated: 2024-08-29T15:04:57.844Z
Reserved: 2024-04-25T17:30:38.530Z
Link: CVE-2024-4207
Vulnrichment
Updated: 2024-08-08T13:09:39.566Z
NVD
Status: Analyzed
Published: 2024-08-08T11:15:13.183
Modified: 2024-09-18T12:41:29.313
Link: CVE-2024-4207
Redhat
No data.