Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Vulnerability Description
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GitLab Enterprise Edition(EE) 跨站脚本漏洞
Vulnerability Description
GitLab Enterprise Edition(EE)是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition(EE) 16.6至17.9.7之前版本、17.10至17.10.5之前版本和17.11至17.11.1之前版本存在跨站脚本漏洞,该漏洞源于特定条件下可能导致跨站脚本攻击和内容安全策略绕过。
CVSS Information
N/A
Vulnerability Type
N/A