Volerion logoVolerion
Volerion logoVolerion

GitLab CE/EE Cross-Site Scripting Vulnerability via Content Delivery Networks

Vulnerability

A cross-site scripting vulnerability has been identified in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.10 prior to 18.0.5, 18.1 prior to 18.1.3, and 18.2 prior to 18.2.1. This vulnerability could have allowed an authenticated user to execute cross-site scripting attacks when the GitLab instance was served through certain content delivery networks.

Impact

Exploitation of this vulnerability could lead to cross-site scripting, allowing attackers to inject malicious scripts that could be executed in the context of the user's browser.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread
7.3
impact
1.7
exploitability
5.0
remediation
0.0
relevance
0.3
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.