Reflected XSS vulnerability in GitLab CE/EE - CVE-2023-3500 (rpm)

ID: oval:org.secpod.oval:def:91527 | Date: (C)2023-08-03 (M)2023-11-10 | Class: VULNERABILITY | Family: unix

The host has GitLab CE/EE 10.0 before 16.0.8, 16.1 before 16.1.3, or 16.2 before 16.2.2 installed and is prone to a reflected XSS vulnerability. The application fails to properly handle the creation of specific PlantUML diagrams. Successful exploitation could allow attackers to perform arbitrary actions on behalf of victims through a reflected XSS.

Product: gitlab-ce, gitlab-ee