CVE Details
Basic Information
| Title | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab |
|---|---|
| Type | cve |
| Published | 2025-07-23T17:33:13.646Z |
| Modified | 2025-07-23T17:46:17.034Z |
Product Information
| Vendor | GitLab |
|---|---|
| Product | GitLab |
| Version | 15.10 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability in GitLab CE/EE could allow attackers to execute unauthorized scripts, potentially leading to security breaches. This issue affects multiple versions of GitLab, including 15.10, 18.0.5, 18.1.3, and 18.2.1. Users are advised to update to patched versions to mitigate this risk. |
|---|---|
| AI Severity | High |
| AI Vendor | GitLab |
| AI Product | GitLab CE/EE |
| AI Version | 15.10, 18.0.5, 18.1, 18.1.3, 18.2, 18.2.1 |
Affected Products
- GitLab GitLab 15.10
- GitLab GitLab 18.1
- GitLab GitLab 18.2
Additional Information
| CWE List | CWE-79 |
|---|---|
| Source | GitLab |
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS.