
555 matches found

OSV
added 2019/09/09 6:15 p.m. · 18 views

CVE-2019-5471

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...

CVSS 5.4 · AI score 6.4
Exploits: 0 · References: 3
NVD
added 2019/09/09 6:15 p.m. · 14 views

CVE-2019-5467

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 5.4 · AI score 5.2 · EPSS 0.0007
Exploits: 1 · References: 2
OSV
added 2019/09/09 6:15 p.m. · 13 views

CVE-2019-5467

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 5.4 · AI score 6.5
Exploits: 0 · References: 2
Prion
added 2019/09/09 6:15 p.m. · 17 views

Design/Logic Flaw

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 3.5 · AI score 5.2 · EPSS 0.0007
Exploits: 1 · References: 2 · Affected Software: 1
UbuntuCve
added 2019/09/09 6:15 p.m. · 21 views

CVE-2019-5471

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...

CVSS 5.4 · AI score 6.1 · EPSS 0.00069
Exploits: 1 · References: 2
UbuntuCve
added 2019/09/09 6:15 p.m. · 22 views

CVE-2019-5467

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 5.4 · AI score 6.1 · EPSS 0.0007
Exploits: 1 · References: 2
Cvelist
added 2019/09/09 5:47 p.m. · 16 views

CVE-2019-5471

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...

AI score 5.1 · EPSS 0.00069
Exploits: 1 · References: 2
Debian CVE
added 2019/09/09 5:47 p.m. · 19 views

CVE-2019-5471

Removed by vendor...

CVSS 5.4 · AI score 6 · EPSS 0.00069
Exploits: 1
CVE
added 2019/09/09 5:47 p.m. · 60 views

CVE-2019-5471

CVE-2019-5471 concerns an input validation and output encoding flaw in GitLab’s email notification feature that could yield a persistent XSS. The issue affects GitLab’s email notifications (notably in merge-request and repository push emails) where unsanitized values (e.g., branch names) could be...

CVSS 5.4 · AI score 5.1 · EPSS 0.00069
Exploits: 1 · References: 3 · Affected Software: 1
Debian CVE
added 2019/09/09 5:45 p.m. · 20 views

CVE-2019-5467

Removed by vendor...

CVSS 5.4 · AI score 6 · EPSS 0.0007
Exploits: 1
Cvelist
added 2019/09/09 5:45 p.m. · 17 views

CVE-2019-5467

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

AI score 5.2 · EPSS 0.0007
Exploits: 1 · References: 2
CVE
added 2019/09/09 5:45 p.m. · 79 views

CVE-2019-5467

GitLab CE/EE Wiki pages were affected by a stored XSS due to an input validation and output encoding flaw in how Wiki Markdown links were processed. The issue could allow a persistent XSS when a wiki page contains crafted input (as demonstrated by stored-XSS scenarios in the HackerOne repo...

CVSS 5.4 · AI score 5.2 · EPSS 0.0007
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2019/09/09 12:0 a.m. · 4 views

PT-2019-17694 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 11.11.6; GitLab versions prior to 12.0.4; GitLab versions prior to 12.1.2. Description: An issue with input validation and output encoding was found in the email notification feature, potentially leading to a persistent...

CVSS 5.4 · AI score 5.3 · EPSS 0.00069
Exploits: 1 · References: 7
Packet Storm
added 2019/08/22 12:0 a.m. · 168 views

Snapforce CRM 8.3.0 Cross Site Scripting

Hello Team, Greetings. There is a list of XSS vulnerabilities and concurrent login vulnerabilities in the Snapforce version 8.3.0 application. Vulnerability List: 1. Stored Cross Site Scripting 2. Stored Cross Site Scripting through UI Redirection. 3. Concurrent Login are Allowed. Affected URL:...

AI score 7.4
Exploits: 0
exploitpack
added 2019/08/14 12:0 a.m. · 30 views

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise Google Dork: N/A Date: 11.08.2019 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sugarcrm.com Version: 9.0.0 Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76...

AI score 6.8
Exploits: 0
Prion
added 2019/07/29 4:15 p.m. · 14 views

Cross site scripting

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low...

CVSS 3.5 · AI score 5.4 · EPSS 0.00364
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2019/07/29 3:36 p.m. · 40 views

CVE-2019-11199

Dolibarr ERP/CRM 9.0.1 is affected by a stored XSS in uploaded files (viewimage.php) that can execute JavaScript when an arbitrary link on the Dolibarr domain is clicked. The issue stems from lack of contextual output encoding in the uploaded content, enabling exploitation by low-privilege users ...

CVSS 5.4 · AI score 5.7 · EPSS 0.00364
Exploits: 1 · References: 1 · Affected Software: 1
CNVD
added 2019/07/11 12:0 a.m. · 1 views

GitLab CE/EE Cross-Site Scripting Vulnerability (CNVD-2019-23572)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A persiste...

CVSS 6.1 · AI score 6.2 · EPSS 0.00119
Exploits: 0 · References: 1
NVD
added 2019/07/10 3:15 p.m. · 10 views

CVE-2018-19493

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding...

CVSS 6.1 · AI score 5.8 · EPSS 0.00119
Exploits: 0 · References: 3
OSV
added 2019/07/10 3:15 p.m. · 19 views

CVE-2018-19493

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding...

CVSS 6.1 · AI score 5.6
Exploits: 0 · References: 3