Lucene search
HistoryApr 16, 2023 - 12:15 a.m.
CVE-2018-17537
cve-2018-17537
gitlab
stored xss
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
27.2%
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
Affected configurations
Node
gitlabgitlabRange<11.1.7community
ORgitlabgitlabRange<11.1.7enterprise
ORgitlabgitlabRange11.2.0–11.2.4community
ORgitlabgitlabRange11.2.0–11.2.4enterprise
ORgitlabgitlabMatch11.3.0community
ORgitlabgitlabMatch11.3.0enterprise
Related
ubuntucve
ubuntucve
CVE-2018-17537
2023-04-16 00:00:00
osv
osv
CVE-2018-17537
2023-04-16 00:15:07
prion
prion
Cross site scripting
2023-04-16 00:15:00
debiancve
debiancve
CVE-2018-17537
2023-04-16 00:15:07
cvelist
cvelist
CVE-2018-17537
2023-04-15 00:00:00
cve
cve
CVE-2018-17537
2023-04-16 00:15:07
freebsd
freebsd
Gitlab -- multiple vulnerabilities
2018-10-01 00:00:00
nessus
nessus
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
27.2%
Related for NVD:CVE-2018-17537