An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover.
Configurations
No configuration.
History
12 Jun 2025, 10:16
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2025-06-12 10:16
Updated : 2025-06-12 16:06
NVD link : CVE-2025-4278
Mitre link : CVE-2025-4278
CVE.ORG link : CVE-2025-4278
Products Affected
No product.
CWE
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)