CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS
Percentile: 45.4%

GitLab is vulnerable to cross-site scripting (XSS). The vulnerability can be exploited through the label colour feature, resulting in a stored XSS that allows an authenticated attacker to perform arbitrary actions on behalf of victims on the client side.