CVE-2026-6073 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization...

Linux Distros Unpatched Vulnerability : CVE-2022-3572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5....

BIT-GITLAB-2025-6186 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...

CVE-2025-4700

GitLab CVE-2025-4700 affects GitLab CE/EE versions 15.10–18.0.4, 18.1.x before 18.1.3, and 18.2.x before 18.2.1. The issue could allow an attacker to trigger unintended content rendering that leads to Cross-site Scripting (XSS) under certain conditions. The provided documents do not specify the v...

FreeBSD : Gitlab -- vulnerabilities (20823cc0-5d45-11f0-966e-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 20823cc0-5d45-11f0-966e-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue impacts GitLab CE/EE Improper authorization issue...

FreeBSD : Gitlab -- Vulnerabilities (11b71871-20ba-11f0-9471-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 11b71871-20ba-11f0-9471-2cf05da270f3 advisory. Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cros...

CVE-2025-0811 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting...

CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...

CVE-2025-0314

GitLab CVE-2025-0314 affects GitLab CE/EE versions: 17.2 before 17.6.4; 17.7 before 17.7.3; 17.8 before 17.8.1. The issue is improper rendering of certain file types that leads to cross-site scripting (XSS) . The connected documents corroborate this description across multiple sources. There is n...