CVE-2025-7739

Published: Aug 13, 2025Modified: Aug 15, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.

Affected (2)

Products: Gitlab: Gitlab

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 18.2.0 to 18.2.2
Gitlab Gitlab	From 18.2.0 to 18.2.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/556111

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/3255849

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.