Cross-site Scripting vulnerability in GitLab CE/EE - CVE-2023-6371 (dpkg)ID: oval:org.secpod.oval:def:99325 | Date: (C)2024-04-18 (M)2024-04-18 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab CE/EE before 16.8.5, 16.9.0 before 16.9.3 or 16.10.0 before 16.10.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in validation of input During web page generation. On successful exploitation, A wiki page with a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
Product: |
gitlab-ce |
gitlab-ee |