- Description
- GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper sanitization of user-supplied input.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
- Products
- gitlab
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- cve@gitlab.com
- CWE-79
- Hype score
- Not currently trending
⚠️ Vulnerabilidades en productos GitLab ❗ CVE-2026-6896 ❗ CVE-2026-13320 ➡️ Más info: https://t.co/g0xzEya8At https://t.co/7BwwpTCpeh
@CERTpy
15 Jul 2026
158 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 HIGH SEVERITY: CVE-2026-13320 CVSS 7.3 - GitLab CE/EE XSS vulnerability allows authenticated users to execute arbitrary scripts in victim browsers. Affects versions 15.7-18.11.6, 19.0-19.0.3, 19.1-19.1.1. Patch immediately! #CVE #Vulnerability #PatchNow https://t.co/5b9bkqAg
@DFIR_Lab
11 Jul 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitLab CE/EEが8件の脆弱性を修正。深刻なクロスサイトスクリプティングCVE-2026-6896とHTMLインジェクションCVE-2026-13320が修正されている。 https://t.co/KbEwHOeDIY
@__kokumoto
9 Jul 2026
850 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "755A1ECC-3D10-4301-AF23-98AC37B872C9",
"versionEndExcluding": "18.11.7",
"versionStartIncluding": "15.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F91F3636-63EF-452A-B8F1-FA4E6FF9D109",
"versionEndExcluding": "18.11.7",
"versionStartIncluding": "15.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "EFCDDDB3-8242-420F-AAA0-65985B9B525D",
"versionEndExcluding": "19.0.4",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77F37C9F-5A51-4AD0-A919-F74CA49F8048",
"versionEndExcluding": "19.0.4",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "C12717E0-C005-4D05-8B76-6D974C5CED08",
"versionEndExcluding": "19.1.2",
"versionStartIncluding": "19.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "71AC7E45-C1B7-4EFE-8C29-E1D7ADD3D9F4",
"versionEndExcluding": "19.1.2",
"versionStartIncluding": "19.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]