CVE-2019-12445

2020-03-1015:15:15

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.1%

JSON

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.

CPENameOperatorVersion
gitlabeq8.4.6-ee
gitlabeq8.4.4-ee
gitlabeq8.4.9
gitlabeq8.4.1
gitlabeq8.4.9-ee
gitlabeq8.4.11-ee
gitlabeq8.4.4
gitlabeq8.4.8-ee
gitlabeq8.4.5-ee
gitlabeq8.4.7-ee

Name	Operator	Version
gitlab	eq	8.4.6-ee
gitlab	eq	8.4.4-ee
gitlab	eq	8.4.9
gitlab	eq	8.4.1
gitlab	eq	8.4.9-ee
gitlab	eq	8.4.11-ee
gitlab	eq	8.4.4
gitlab	eq	8.4.8-ee
gitlab	eq	8.4.5-ee
gitlab	eq	8.4.7-ee