CVE-2025-4278

High

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html…

GitLab·CWE-80·Published 2025-06-12

CVSS

8.7

EPSS

0.06

KEV

Exploits

cve.orgen

192 chars

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

NVDen

192 chars

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 18.0 y anteriores a la 18.0.2. En determinadas circunstancias, la inyección de HTML en una nueva página de búsqueda podría provocar el robo de cuentas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.7	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
3.1	Secondary	NVD	8.7	2.3	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N