CVE-2024-4201

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.

Related Vulnerabilities

CVE-2018-1000062

MEDIUM
CVSS:4.4(Medium)

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbit...

CWE-792018

CVE-2019-14759

MEDIUM
CVSS:4.4(Medium)

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Ra...

CWE-792019

CVE-2019-14760

MEDIUM
CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder applic...

CWE-792019

CVE-2019-14761

MEDIUM
CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. A...

CWE-792019

CVE-2020-14445

MEDIUM
CVSS:4.4(Medium)

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Manage...

CWE-792020

CVE-2020-4768

MEDIUM
CVSS:4.4(Medium)

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...

CWE-792020