GitLab: Security Vulnerabilities, CVEs, Published In 2020 (XSS)
An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting against other users by importing a malicious project.
Max CVSS
5.5
EPSS Score
0.06%
Published
2020-12-10
Updated
2020-12-11
An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes
Max CVSS
5.5
EPSS Score
0.07%
Published
2020-10-06
Updated
2020-10-15
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log
Max CVSS
8.7
EPSS Score
0.09%
Published
2020-10-08
Updated
2020-10-14
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
Max CVSS
6.5
EPSS Score
0.09%
Published
2020-10-08
Updated
2020-10-08
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-10-02
Updated
2020-10-08
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.
Max CVSS
7.2
EPSS Score
0.05%
Published
2020-10-02
Updated
2020-10-08
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-30
Updated
2020-10-08
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages.
Max CVSS
5.4
EPSS Score
0.06%
Published
2020-09-30
Updated
2020-10-02
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Bitbucket project import feature.
Max CVSS
5.4
EPSS Score
0.06%
Published
2020-09-30
Updated
2020-10-02
An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS in the blob view feature.
Max CVSS
6.5
EPSS Score
0.07%
Published
2020-09-30
Updated
2020-10-02
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-30
Updated
2020-10-02
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.
Max CVSS
5.5
EPSS Score
0.07%
Published
2020-09-14
Updated
2020-09-16
In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page.
Max CVSS
5.5
EPSS Score
0.07%
Published
2020-08-12
Updated
2020-08-14
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
Max CVSS
7.3
EPSS Score
0.06%
Published
2020-08-13
Updated
2022-11-16
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
Max CVSS
7.3
EPSS Score
0.06%
Published
2020-08-13
Updated
2020-08-14
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1.
Max CVSS
6.1
EPSS Score
0.30%
Published
2020-06-10
Updated
2020-06-16
A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1.
Max CVSS
6.1
EPSS Score
0.30%
Published
2020-06-10
Updated
2020-06-16
A Stored Cross-Site Scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1.
Max CVSS
6.1
EPSS Score
0.30%
Published
2020-06-10
Updated
2020-06-16
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
Max CVSS
4.8
EPSS Score
0.05%
Published
2020-04-29
Updated
2020-05-04
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
Max CVSS
6.1
EPSS Score
0.07%
Published
2020-03-13
Updated
2020-03-16
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types.
Max CVSS
6.1
EPSS Score
0.07%
Published
2020-03-13
Updated
2020-03-16
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.
Max CVSS
6.1
EPSS Score
0.07%
Published
2020-03-13
Updated
2020-03-17
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
Max CVSS
6.1
EPSS Score
0.07%
Published
2020-03-13
Updated
2020-03-17
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
Max CVSS
6.1
EPSS Score
0.07%
Published
2020-03-13
Updated
2021-07-21
GitLab through 12.7.2 allows XSS.
Max CVSS
6.1
EPSS Score
0.12%
Published
2020-02-05
Updated
2020-02-06