Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/05/23 6:30 a.m.20 views

CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...

8CVSS5.9AI score0.00802EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/05/23 6:30 a.m.36 views

CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...

8CVSS7.3AI score0.00802EPSS
Exploits1References2
CVE
CVE
added 2024/05/23 6:30 a.m.454 views

CVE-2024-4835

CVE-2024-4835 is a cross-site scripting (XSS) vulnerability in GitLab affected in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. The root cause is improper neutralization of input during web page generation, enabling an attacker-controlled page to exfiltrate sensitiv...

8.2CVSS7.1AI score0.00802EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.41 views

GitLab 15.11 < 16.10.6 / 16.11 < 16.11.3 / 17.0 < 17.0.1 (CVE-2024-4835)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate...

8.2CVSS5.5AI score0.00802EPSS
Exploits1References4
Rows per page
Query Builder