Lucene search
GitLabCVELIST:CVE-2020-26407HistoryDec 10, 2020 - 5:16 a.m.
CVE-2020-26407
2020-12-1005:16:24
GitLab
www.cve.org
5
xss
gitlab
ce/ee
version 12.4
13.6.2
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
26.7%
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project
CNA Affected
[
{
"product": "Gitlab CE/EE",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": ">=12.4"
},
{
"status": "affected",
"version": "<13.4.7"
},
{
"status": "affected",
"version": ">=13.5"
},
{
"status": "affected",
"version": "<13.5.5"
},
{
"status": "affected",
"version": ">=13.6"
},
{
"status": "affected",
"version": "<13.6.2"
}
]
}
]Related
nvd
nvd
CVE-2020-26407
2020-12-10 06:15:13
ubuntucve
ubuntucve
CVE-2020-26407
2020-12-10 00:00:00
prion
prion
Cross site scripting
2020-12-10 06:15:00
debiancve
debiancve
CVE-2020-26407
2020-12-10 06:15:13
veracode
veracode
Cross-Site Scripting (XSS)
2020-12-09 09:00:08
nessus
nessus
GitLab 12.4 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26407)
2024-05-17 00:00:00
osv
osv
BIT-gitlab-2020-26407
2024-03-06 11:21:19
CVE-2020-26407
2020-12-10 06:15:13
cve
cve
CVE-2020-26407
2020-12-10 06:15:13
freebsd
freebsd
Gitlab -- Multiple vulnerabilities
2020-12-07 00:00:00
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
26.7%
Related for CVELIST:CVE-2020-26407