
CVE-2025-4278

Date: June 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover.
Severity Score
Weakness Type (CWE)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-80

CVSS v3.1
| Metric | Value |
|---|---|
| Base Score | |
| Attack Vector (AV) | NETWORK |
| Attack Complexity (AC) | LOW |
| Privileges Required (PR) | LOW |
| User Interaction (UI) | REQUIRED |
| Scope (S) | CHANGED |
| Confidentiality (C) | HIGH |
| Integrity (I) | HIGH |
| Availability (A) | NONE |