CVE Daily

CVE-2025-0314

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 be...

High CVSS 8.7

Overview

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.

CWE: CWE-79 Published: 2025-01-24T03:15:07.320
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.7 (HIGH)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags