CVE-2024-10383

HIGH Year: 2024
CVSS v3 Score
8.7
High
Weakness Type
CWE-79
View all →

Vulnerability Description

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE

Related Vulnerabilities

CVE-2019-12830

HIGH
CVSS:8.7(High)

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCo...

CWE-792019

CVE-2020-13340

HIGH
CVSS:8.7(High)

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log

CWE-792020

CVE-2020-15276

HIGH
CVSS:8.7(High)

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component....

CWE-792020

CVE-2020-26210

HIGH
CVSS:8.7(High)

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous cont...

CWE-792020

CVE-2020-26211

HIGH
CVSS:8.7(High)

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context ...

CWE-792020

CVE-2020-26249

HIGH
CVSS:8.7(High)

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord u...

CWE-792020