{"id":8803,"date":"2025-07-23T13:35:32","date_gmt":"2025-07-23T13:35:32","guid":{"rendered":"http:\/\/localhost\/?p=8803"},"modified":"2025-07-23T13:35:32","modified_gmt":"2025-07-23T13:35:32","slug":"improper-neutralization-of-input-during-web-page-generation-cross-site-scripting-in-gitlab","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8803","title":{"rendered":"Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-23T17:33:13.646Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-23T17:46:17.034Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nGitLab<\/td>\n<\/tr>\n
Product<\/th>\nGitLab<\/td>\n<\/tr>\n
Version<\/th>\n15.10<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n8.7 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site scripting (XSS) vulnerability in GitLab CE\/EE could allow attackers to execute unauthorized scripts, potentially leading to security breaches. This issue affects multiple versions of GitLab, including 15.10, 18.0.5, 18.1.3, and 18.2.1. Users are advised to update to patched versions to mitigate this risk.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nGitLab<\/td>\n<\/tr>\n
AI Product<\/th>\nGitLab CE\/EE<\/td>\n<\/tr>\n
AI Version<\/th>\n15.10, 18.0.5, 18.1, 18.1.3, 18.2, 18.2.1<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n