CVE-2025-4278

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.
Configurations

No configuration.

History

12 Jun 2025, 10:16

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-12 10:16

Updated : 2025-06-12 16:06


NVD link : CVE-2025-4278

Mitre link : CVE-2025-4278

CVE.ORG link : CVE-2025-4278


JSON object : View

Products Affected

No product.

CWE
CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)