CVE-2019-6784

Published: 09/09/2019 Updated: 10/09/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in GitLab Community and Enterprise Edition prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1. It allows XSS (issue 1 of 2). Markdown fields lack input validation and output encoding when processing KaTeX, which results in a persistent XSS.

Vulnerable Product

gitlab gitlab

Vendor Advisories

Debian Bug report logs - #921059 gitlab: CVE-2019-6781 CVE-2019-6782 CVE-2019-6783 CVE-2019-6784 CVE-2019-6785 CVE-2019-6786 CVE-2019-6787 CVE-2019-6788 CVE-2019-6789 CVE-2019-6790 CVE-2019-6791 CVE-2019-6792 CVE-2019-6794 CVE-2019-6795 CVE-2019-6796 CVE-2019-6960 CVE-2019-6995 CVE-2019-6997 CVE-2019-7155 CVE-2019-7176 Package: src:gitlab ...