VDB
GSD-2023-2164
GSD-2023-2164
PUBLISHED
CVSS 5.400000095367432 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GitLab | GitLab | 16.1.0, 16.2.0, 15.9 |
Timeline
- Apr 20, 2026 CVE Published
References
- GitLab Issue #407783 issue
- HackerOne Bug Bounty Report #1940598 exploit