Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-1836: 2023/CVE-2023-1836.json · master · GitLab.org / cves · GitLab

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in “raw” mode, it can be made to render as HTML if viewed under specific circumstances

CVE
Open in Source
#xss#js#git#auth

Skip to content

GitLab

Next

    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn

  • Pricing

  • Talk to an expert

  • /

  • Help

    • Help

    • Support

    • Community forum

    • Submit feedback

    • Contribute to GitLab

    Projects Groups Topics Snippets

  • Register

  • Sign in

The 16.0 major release is coming on May 22, 2023! This version brings many exciting improvements to GitLab, but also removes some deprecated features. These changes are going live on GitLab.com now, continuing up to May 22, 2023, when GitLab 16.0 is released. Visit the deprecations page to see what is scheduled for removal.

  • GitLab.org

  • cves

  • Repository

  • cves

  • 2023

  • CVE-2023-1836.json

Find file BlameHistoryPermalink

  • Publishing 0 updated advisories and 9 new advisories · 48000e9f

    🤖 GitLab Bot 🤖 authored May 03, 2023

    48000e9f

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE