VYPR
Unrated severityNVD Advisory· Published Jan 24, 2025· Updated Feb 12, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

CVE-2025-0314

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.

Affected products

26

Patches

Vulnerability mechanics

References

2

News mentions

1