CVE-2023-1836
Published May 3, 2023
Last updated 2 years ago
Overview
- Description
- A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances
- Source
- cve@gitlab.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06A634B5-D0D2-49D4-B119-0F69CF07D016",
"versionEndExcluding": "15.9.6",
"versionStartIncluding": "5.1"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "128CE092-2826-422E-BE7A-D2DDE15FAFC3",
"versionEndExcluding": "15.10.5",
"versionStartIncluding": "15.10"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8959805-2A8C-48BE-A0C2-8A1B1049826B",
"versionEndExcluding": "15.11.1",
"versionStartIncluding": "15.11"
}
],
"operator": "OR"
}
]
}
]