A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it
2021-07-07T11:15:08.347
2024-11-21T05:49:45.013
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gitlab | gitlab | < 13.11.6 | Yes |
Application | gitlab | gitlab | < 13.12.6 | Yes |
Application | gitlab | gitlab | < 14.0.2 | Yes |