A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 prior to 15.2.5, all versions starting from 15.3 prior to 15.3.4, and all versions starting from 15.4 prior to 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed malicious users to perform arbitrary actions on behalf of victims on the client side.
Vulnerable Product |
---|
gitlab gitlab |
gitlab gitlab 15.4 |