4 matches found
CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...
CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...
CVE-2024-4835
CVE-2024-4835 is a cross-site scripting (XSS) vulnerability in GitLab affected in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. The root cause is improper neutralization of input during web page generation, enabling an attacker-controlled page to exfiltrate sensitiv...
GitLab 15.11 < 16.10.6 / 16.11 < 16.11.3 / 17.0 < 17.0.1 (CVE-2024-4835)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate...