Cross-Site Scripting

GitLab Cross-Site Scripting (XSS) Vulnerability (CVE-2023-0050)

March 5, 2023

Overview Recently, NSFOCUS CERT found that GitLab has issued an official security notice to fix a cross-site scripting vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) (CVE-2023-0050). A remote attacker with low privileges can cause the client to store XSS through a specially crafted Kroki diagram, and finally perform arbitrary operations on the […]

Search

Subscribe to the NSFOCUS Blog