7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
44.2%
gitlab is vulnerable to a cross-site scripting (XSS) vulnerability. This vulnerability occurs due to improper neutralization of input during web page generation. An attacker can exploit this vulnerability by creating a malicious Jupyter notebook that contains a crafted tag. When a victim views the notebook, the malicious tag will be executed in the victim’s browser, allowing the attacker to steal cookies or other sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
gitlab:sid | eq | 13.4.7-2 | |
gitlab:sid | eq | 13.3.9-1 | |
gitlab:sid | eq | 13.4.7-2 | |
gitlab:sid | eq | 13.3.9-1 |