GitLab Cross-Site Scripting (XSS) Vulnerability (CVE-2023-0050)
March 5, 2023
Overview Recently, NSFOCUS CERT found that GitLab has issued an official security notice to fix a cross-site scripting vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) (CVE-2023-0050). A remote attacker with low privileges can cause the client to store XSS through a specially crafted Kroki diagram, and finally perform arbitrary operations on the […]