Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Vulnerability Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GitLab CE/EE 跨站脚本漏洞
Vulnerability Description
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE)都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab CE/EE 18.7.5之前版本、18.8.5之前版本和18.9.1之前版本存在跨站脚本漏洞,该漏洞源于未经验证的用户可能注入任意脚本,可能导致脚本注入。
CVSS Information
N/A
Vulnerability Type
N/A