漏洞描述
GitLab社区与企业版存在存储型跨站脚本漏洞。此漏洞是由于对label colors输入验证不足导致的。
GitLab社区与企业版Label Color存储型跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- GitLab GitLab CE/EE 权限管理不当漏洞
- GitLab CE/EE GraphQL 身份验证缺陷漏洞
- GitLab CE/EE 资源分配控制不当漏洞 可导致拒绝服务
- 泛微 E-weaver /api/ec/dev/locale/getLabelByModule 存在SQL注入漏洞
- gitlab-api-user-enum: GitLab - User Information Disclosure Via Open API
- Apache OFBiz /partymgr/control/getJSONuiLabel 服务器端请求伪造漏洞(CVE-2023-50968)
- POC CVE-2024-45409: GitLab - SAML Authentication Bypass
- POC CVE-2025-25291: GitLab - SAML Authentication Bypass
- POC CVE-2019-6793: GitLab Enterprise Edition - Server-Side Request Forgery
- POC CVE-2020-2096: Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
- POC CVE-2020-26413: Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
- POC CVE-2021-22205: GitLab CE/EE - Remote Code Execution
- POC CVE-2021-22214: Gitlab CE/EE 10.5 - Server-Side Request Forgery