CVE-2025-1763

HIGH Year: 2025
CVSS v3 Score
8.7
High
Weakness Type
CWE-79
View all →

Vulnerability Description

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

Related Vulnerabilities

CVE-2019-12830

HIGH
CVSS:8.7(High)

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCo...

CWE-792019

CVE-2020-13340

HIGH
CVSS:8.7(High)

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log

CWE-792020

CVE-2020-15276

HIGH
CVSS:8.7(High)

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component....

CWE-792020

CVE-2020-26210

HIGH
CVSS:8.7(High)

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous cont...

CWE-792020

CVE-2020-26211

HIGH
CVSS:8.7(High)

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context ...

CWE-792020

CVE-2020-26249

HIGH
CVSS:8.7(High)

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord u...

CWE-792020