GHSA-cvqc-8rrv-whf2
GitHub Security Advisory
⚠ Unreviewed
MODERATE
Has CVE
Advisory Details
A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: August 4, 2025 6:39 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.