CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS
Percentile
44.0%
gitlab is vulnerable to a cross-site scripting (XSS) vulnerability. This vulnerability occurs due to improper neutralization of input during web page generation. An attacker can exploit this vulnerability by creating a malicious Jupyter notebook that contains a crafted tag. When a victim views the notebook, the malicious tag will be executed in the victim’s browser, allowing the attacker to steal cookies or other sensitive information.