CVE-2023-1836

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-1836
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1836.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-1836
Aliases
Downstream
Published
2023-05-03T00:00:00Z
Modified
2026-04-10T04:55:39.961568Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/1xxx/CVE-2023-1836.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
cbcfe12f58b815db9b9263b36f1576ae389b7276
Fixed
85a92396626cc698a65afd57df80298d3439fb87
Database specific 
{
    "versions": [
        {
            "introduced": "5.1"
        },
        {
            "fixed": "15.9.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
defe6e7f8821c58e67a2e909ef8d36463d76e7e8
Fixed
979ce9cea3e92eb0714de8ff4f6ae98488b03175
Database specific 
{
    "versions": [
        {
            "introduced": "15.10"
        },
        {
            "fixed": "15.10.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
4dce6bc3728f63bc9086ff3088cda7527f6f0bec
Fixed
59859b264764a06096c15459ea93f581515f112e
Database specific 
{
    "versions": [
        {
            "introduced": "15.11"
        },
        {
            "fixed": "15.11.1"
        }
    ]
}

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v15.*
v15.10.0-ee
v15.10.2-ee
v15.10.3-ee
v15.10.4-ee
v15.11.0-ee
v15.9.0-ee
v15.9.0-rc42-ee
v15.9.0-rc43-ee
v15.9.0-rc44-ee
v15.9.1-ee
v15.9.3-ee
v15.9.5-ee
v5.*
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1836.json"