Metrics
Affected Vendors & Products
Solution
Upgrade to versions 18.1.4, 18.2.2 or above.
Workaround
No workaround given by the vendor.
Fri, 15 Aug 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Thu, 14 Aug 2025 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 13 Aug 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names. | |
Title | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitLab
Published:
Updated: 2025-08-13T20:36:52.358Z
Reserved: 2025-06-16T20:02:19.637Z
Link: CVE-2025-6186

Updated: 2025-08-13T20:36:47.880Z

Status : Analyzed
Published: 2025-08-13T18:15:32.533
Modified: 2025-08-15T16:33:10.170
Link: CVE-2025-6186

No data.

No data.