PT-2020-13478 · Gitlab · Gitlab

Published

2020-10-02

Updated

2024-03-06

CVE-2020-13337

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GitLab versions 12.10 through 12.10.12

Description The issue allows for a stored XSS payload to be added as a group name, potentially affecting the security of the system.

Recommendations For versions 12.10 through 12.10.12, update to a version that contains a fix for this issue to prevent stored XSS payloads from being added as group names.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BIT-GITLAB-2020-13337

CVE-2020-13337

Affected Products

Gitlab

PT-2020-13478 · Gitlab · Gitlab

CVE-2020-13337

Weakness Enumeration

Related Identifiers

Affected Products

References · 8