Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
Vulnerability Description
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GitLab gitlab-vscode-extension 跨站脚本漏洞
Vulnerability Description
GitLab gitlab-vscode-extension是美国GitLab公司的一款用于Gitlab的VSCode代码编辑器扩展程序。 GitLab gitlab-vscode-extension存在跨站脚本漏洞。攻击者利用该漏洞可以执行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A