Home > Vulnerability Database > CVE-2024-8186

Mend.io Vulnerability Database

CVE-2024-8186

Date: March 3, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.

Severity Score

5.4

Related Resources (4)

Url: https://hackerone.com/reports/2655757

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8186

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/480751

Url: https://www.mend.io/vulnerability-database/CVE-2024-8186

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8186

Date: March 3, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?