yvvdwf

7 exploits Active since Aug 2020
CVE-2020-13285 HIGH WRITEUP
GitLab <13.0.12-13.2.3 - XSS
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
CVSS 7.3
CVE-2020-13340 HIGH WRITEUP
GitLab <13.2.10-13.4.2 - XSS
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log
CVSS 8.7
CVE-2021-22220 MEDIUM WRITEUP
GitLab < 13.10.5 - XSS
An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.
CVSS 6.1
CVE-2022-2428 MEDIUM WRITEUP
GitLab < 15.1.6 - XSS
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests.
CVSS 6.4
CVE-2022-2527 HIGH WRITEUP
GitLab CE/EE <15.1.6-15.3.2 - Authenticated XSS
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests.
CVSS 7.3
CVE-2022-2630 MEDIUM WRITEUP
GitLab CE/EE <15.2.4-15.3.2 - Info Disclosure
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
CVSS 4.3
CVE-2022-2865 HIGH WRITEUP
GitLab CE/EE <15.1.6, <15.2.4, <15.3.2 - XSS
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
CVSS 7.3