CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
An issue has been discovered in GitLab CE/EE affecting all versions
starting from 16.9 before 16.9.4, all versions starting from 16.10 before
16.10.2. A payload may lead to a Stored XSS while using the diff viewer,
allowing attackers to perform arbitrary actions on behalf of victims.