Medium severity 6.1 · NVD Advisory · Published May 4, 2017 · Updated May 13, 2026
CVE-2017-8778
Description
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
Affected products
12 CPE entries:
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: <=8.14.9)
- cpe:2.3:a:gitlab:gitlab:8.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.15.4:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.15.5:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:gitlab:gitlab:8.16.4:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- about.gitlab.com/2017/02/15/gitlab-8-dot-16-dot-5-security-release/ (nvd: Patch, Release Notes, Vendor Advisory)
- gitlab.com/gitlab-org/gitlab-ce/issues/27471 (nvd: Exploit, Vendor Advisory)