- Description
- GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input sanitization.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
- Products
- gitlab
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- cve@gitlab.com
- CWE-79
- Hype score
- Not currently trending
On 13 May 2026, GitLab published an emergency update addressing multiple high-severity vulnerabilities. The most serious are the CVSS 8.7 XSS vulnerabilities CVE-2026-7481, CVE-2026-5297 and CVE-2026-6073, in the analytics dashboard, global search, and Duo Agent output
@yousukezan
14 May 2026
4085 Impressions
10 Retweets
34 Likes
17 Bookmarks
0 Replies
0 Quotes
🚨 High - Multiple GitLab CE/EE Vulnerabilities (CVE-2026-7481, CVE-2026-6073 & more) A batch of high-severity flaws in GitLab allows authenticated attackers to execute arbitrary JavaScript (XSS) via improper input sanitization in dashboards and agent outputs. Additional f
@UpwindMDR
14 May 2026
85 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "ACF146E3-AD48-4493-89F1-2F26D172A4C6",
            "versionEndExcluding": "18.9.7",
            "versionStartIncluding": "16.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "E79D4F10-88B3-4AA7-BC5E-3FC8FA698969",
            "versionEndExcluding": "18.10.6",
            "versionStartIncluding": "18.10.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "DA0D6580-3530-4D76-81CE-D852BCE0D411",
            "versionEndExcluding": "18.11.3",
            "versionStartIncluding": "18.11.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]
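The NVD configuration block above encodes three half-open version ranges, all restricted to the enterprise edition (the sw_edition field of the CPE 2.3 string). The following is an added example, not code from this page, NVD or GitLab: it loads that exact configuration block and decides whether a given installed GitLab version and edition fall inside a vulnerable range, honouring all four of NVD's range keys and the node's operator/negate flags. The version parser treats GitLab's "-ee"/"-ce" suffix as edition information only, and the function names are this example's own.

```python
import json

# The "configurations" array from this page, copied verbatim (compacted).
NVD_CONFIGURATIONS = json.loads("""
[{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [
  {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
   "matchCriteriaId": "ACF146E3-AD48-4493-89F1-2F26D172A4C6",
   "versionStartIncluding": "16.4.0", "versionEndExcluding": "18.9.7", "vulnerable": true},
  {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
   "matchCriteriaId": "E79D4F10-88B3-4AA7-BC5E-3FC8FA698969",
   "versionStartIncluding": "18.10.0", "versionEndExcluding": "18.10.6", "vulnerable": true},
  {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
   "matchCriteriaId": "DA0D6580-3530-4D76-81CE-D852BCE0D411",
   "versionStartIncluding": "18.11.0", "versionEndExcluding": "18.11.3", "vulnerable": true}
]}]}]
""")

# CPE 2.3 formatted-string field positions after "cpe:2.3".
CPE_FIELDS = ["part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other"]


def parse_version(text):
    """'18.10.5-ee' -> (18, 10, 5). Missing components are padded with 0 so
    that '18.10' compares equal to NVD's '18.10.0' range boundary."""
    core = text.split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable GitLab version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def parse_cpe(criteria):
    """Split a CPE 2.3 string into named fields; reject malformed input."""
    fields = criteria.split(":")
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {criteria!r}")
    return dict(zip(CPE_FIELDS, fields[2:]))


def in_range(version, match):
    """Apply NVD's four optional range keys to a parsed version tuple."""
    v = parse_version(version)
    if "versionStartIncluding" in match and v < parse_version(match["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in match and v <= parse_version(match["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in match and v > parse_version(match["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in match and v >= parse_version(match["versionEndExcluding"]):
        return False
    return True


def match_applies(version, wanted_edition, match):
    """True when a single cpeMatch entry covers this version and edition."""
    if not match.get("vulnerable"):
        return False
    cpe = parse_cpe(match["criteria"])
    if (cpe["vendor"], cpe["product"]) != ("gitlab", "gitlab"):
        return False
    if cpe["sw_edition"] not in ("*", wanted_edition):
        return False
    return in_range(version, match)


def is_affected(version, edition, configurations=NVD_CONFIGURATIONS):
    """edition is 'ee' or 'ce'. Evaluates every node with its operator and
    negate flag; any satisfied node means the installation is in scope."""
    wanted = {"ee": "enterprise", "ce": "community"}[edition]
    for config in configurations:
        for node in config["nodes"]:
            results = [match_applies(version, wanted, m) for m in node["cpeMatch"]]
            hit = any(results) if node.get("operator", "OR") == "OR" else all(results)
            if node.get("negate"):
                hit = not hit
            if hit:
                return True
    return False


if __name__ == "__main__":
    for v in ["18.9.6-ee", "18.9.7-ee", "18.10.5-ee", "18.11.2-ee", "18.9.6-ce"]:
        print(v, "affected" if is_affected(v, v.rsplit("-", 1)[1]) else "not affected")
```

Note that a CE installation at an in-range version number returns False here purely because this page's configuration data only lists the enterprise sw_edition; that reflects what NVD recorded, not a finding about CE. When feeding this matcher with other advisories, check whether their CPE strings use "*" for sw_edition before drawing that conclusion.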