CNNVD-202507-1482 Information
CNNVD ID
CNNVD-202507-1482
Related CVE
- CNNVD Published: 2025-07-10
Description (Chinese)
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE)都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab Community Edition和GitLab Enterprise Edition 17.11版本至17.11.6之前版本、18.0版本至18.0.4之前版本和18.1版本至18.1.2之前版本存在跨站脚本漏洞,该漏洞源于在特定条件下可能允许攻击者通过注入恶意内容代表用户执行操作。
Description (English)
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. GitLab Commission and GitLab Enterprise 17.11 to 17.11.6, 18.0 to 18.0.4 and 18.1 to 18.1.2 had a cross-site script loophole, which arose from the possibility, under certain conditions, of allowing the aggressor to perform on behalf of the user by injecting malicious content.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
GitLab
Published
2025-07-10
Last Modified
2026-02-24
References
https://hackerone.com/reports/3227316 https://gitlab.com/gitlab-org/gitlab/-/issues/552616 https://nvd.nist.gov/vuln/detail/CVE-2025-6948 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-09-07-2025-47672