20 matches found

CVE
added 2026/03/27 9:27 p.m. · 5 views

CVE-2026-33955

Notesnook: A stored XSS in the note history diff viewer (Web/Desktop) can lead to remote code execution in the desktop app. Trigger occurs when an attacker-controlled note header is rendered with dangerouslySetInnerHTML, and, when combined with the full backup/restore feature, is exploitable due ...

CVSS 8.6 · AI score 6.4 · EPSS 0.00027
Exploits: 1 · References: 1 · Affected Software: 1
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-31698

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 8.3 · EPSS 0.00667
Exploits: 1 · References: 2
Tenable Nessus
added 2025/08/27 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-3092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload...

CVSS 8.7 · AI score 5.7 · EPSS 0.00667
Exploits: 1 · References: 2
RedhatCVE
added 2025/02/05 10:03 a.m. · 6 views

CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

CVSS 8.7 · AI score 5.6 · EPSS 0.00667
Exploits: 1 · References: 1
Tenable Nessus
added 2024/04/19 12:00 a.m. · 35 views

GitLab 16.9 < 16.9.4 / 16.10 < 16.10.2 (CVE-2024-3092)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using th...

CVSS 8.7 · AI score 5.7 · EPSS 0.00667
Exploits: 1 · References: 4
OSV
added 2024/04/16 7:18 a.m. · 18 views

BIT-GITLAB-2024-3092 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

CVSS 8.7 · AI score 6.3 · EPSS 0.00667
Exploits: 1 · References: 3
NVD
added 2024/04/12 1:15 a.m. · 14 views

CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

CVSS 8.7 · AI score 8.2 · EPSS 0.00667
Exploits: 1 · References: 2
OSV
added 2024/04/12 1:15 a.m. · 1 view

UBUNTU-CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

CVSS 8.7 · AI score 5.9 · EPSS 0.00667
Exploits: 1 · References: 2
CVE
added 2024/04/12 12:53 a.m. · 67 views

CVE-2024-3092

CVE-2024-3092 affects GitLab CE/EE: stored XSS via the diff viewer in all versions 16.9 before 16.9.4 and 16.10 before 16.10.2. Exploitation could allow an attacker to act on behalf of victims. Remediation: upgrade to GitLab 16.9.4 or 16.10.2 (per advisories referencing the fixed versions).

CVSS 8.7 · AI score 8 · EPSS 0.00667
Exploits: 1 · References: 2 · Affected Software: 1
Debian CVE
added 2024/04/12 12:53 a.m. · 25 views

CVE-2024-3092

Removed by vendor...

CVSS 8.7 · AI score 5.8 · EPSS 0.00667
Exploits: 1
OSV
added 2024/04/12 12:53 a.m. · 20 views

CVE-2024-3092 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

CVSS 8.7 · AI score 7.6 · EPSS 0.00667
Exploits: 1 · References: 5
CNNVD
added 2024/04/12 12:00 a.m. · 3 views

GitLab cross-site scripting vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A cross-site scripting vulnerability exists in GitLab CE/EE versions 16.9 throu...

CVSS 8.7 · AI score 6.1 · EPSS 0.00667
Exploits: 1 · References: 4
Positive Technologies
added 2024/04/10 12:00 a.m. · 1 view

PT-2024-23669 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.9.3; GitLab CE/EE versions 16.10 through 16.10.1. Description: An issue has been discovered in GitLab CE/EE that may lead to a Stored XSS while using the diff viewer. This allows attackers to perform...

CVSS 8.7 · AI score 5.8 · EPSS 0.00667
Exploits: 1 · References: 13
FreeBSD
added 2024/04/10 12:00 a.m. · 26 views

Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6

Gitlab reports: Stored XSS injected in diff viewer; Stored XSS via autocomplete results; ReDoS on Integrations Chat Messages; ReDoS during Parse JUnit Test Report...

CVSS 8.7 · AI score 6 · EPSS 0.00686
Exploits: 2 · References: 1
RedhatCVE
added 2023/06/13 1:35 a.m. · 23 views

CVE-2023-2121

A flaw was found in HashiCorp Vault and Vault Enterprise, where they are vulnerable to cross-site scripting caused by improper validation of user-supplied input by the key-value v2 (kv-v2) diff viewer. A remote, authenticated attacker can inject malicious script into a Web page which would be...

CVSS 4.3 · AI score 6.5 · EPSS 0.00574
Exploits: 0 · References: 4
Cvelist
added 2023/06/09 4:59 p.m. · 16 views

CVE-2023-2121 Vault’s KV Diff Viewer Allowed for HTML Injection

Vault and Vault Enterprise's key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11...

CVSS 4.3 · AI score 5.7 · EPSS 0.00574
Exploits: 0 · References: 1
Tenable Nessus
added 2011/11/29 12:00 a.m. · 19 views

Fedora 16 : ReviewBoard-1.6.3-1.fc16 (2011-15935)

New upstream security release 1.6.3 - Security Fixes: - A script injection vulnerability was discovered in the commenting system. This affected the diff viewer and screenshot pages, and allowed a commenter to break the page and execute JavaScript. Note that Tenable Network Security has extracted...

CVSS 4.3 · AI score 5.6 · EPSS 0.00557
Exploits: 0 · References: 3
NVD
added 2011/11/24 4:01 a.m. · 8 views

CVE-2011-4312

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component...

CVSS 4.3 · AI score 5.6 · EPSS 0.00557
Exploits: 0 · References: 9
Prion
added 2011/11/24 4:01 a.m. · 6 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component...

CVSS 4.3 · AI score 6 · EPSS 0.00557
Exploits: 0 · References: 9 · Affected Software: 1
Cvelist
added 2011/11/24 2:00 a.m. · 14 views

CVE-2011-4312

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component...

AI score 5.6 · EPSS 0.00557
Exploits: 0 · References: 9