CVE-2020-26407

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-26407
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26407.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-26407
Aliases
Downstream
Published
2020-12-10T06:15:13.750Z
Modified
2026-02-14T09:02:14.676619Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
2f8ec2ebf58d8d4885127b9715b143e6756f2df1
Fixed
2e75f6e5b161b73e2ba28508c656854a66793d95
Introduced
572e09f5e8fcd54b0366836668e6685da68de22f
Fixed
f23895b2190f1d72d96ada15463ab8e20abead5b
Introduced
c050e8fb184690b8c4cc4c2a5c233f312d713b09
Fixed
98aab73cbd597dab5b0f1ab4b40dc160b0d2e26f

Affected versions

v13.*
v13.5.0-ee
v13.5.1-ee
v13.5.2-ee
v13.5.3-ee
v13.5.4-ee
v13.6.0-ee
v13.6.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26407.json"