VYPR
Unrated severity · NVD Advisory · Published Jan 26, 2024 · Updated Apr 25, 2026

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

CVE-2023-5933

Description

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.

Affected products

3
  • GitLab Inc./GitLab (52 versions)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* range: 13.7
    • (no CPE) range: >13.7, <16.6.6, >=16.7, <16.7.4, >=16.8, <16.8.1
  • osv-coords
    Range: >= 13.7.0, < 16.6.6
