An issue has been discovered in GitLab affecting all versions starting from 12.8 prior to 15.8.5, all versions starting from 15.9 prior to 15.9.4, all versions starting from 15.10 prior to 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows malicious users to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab 15.10.0 |
||
gitlab gitlab |