Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Vulnerability Description
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GitLab Enterprise Edition 跨站脚本漏洞
Vulnerability Description
GitLab Enterprise Edition(EE)是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition 16.6至17.7.6之前版本、17.8至17.8.4之前版本和17.9至17.9.1之前版本存在跨站脚本漏洞,该漏洞源于跨站脚本,允许绕过安全控制。
CVSS Information
N/A
Vulnerability Type
N/A