CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-13336
https://notcve.org/view.php?id=CVE-2020-13336
30 Sep 2020 — An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature. Se ha detectado un problema en GitLab que afecta a las versiones 11.8 anteriores a 12.10.13. GitLab era susceptible a una vulnerabilidad de tipo XSS almacenado en la funcionalidad error tracking • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13336.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13326
https://notcve.org/view.php?id=CVE-2020-13326
29 Sep 2020 — A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1. Bajo determinadas condiciones, la restricción para la importación de proyectos de Github podrían ser omitidas • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13326.json •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13321
https://notcve.org/view.php?id=CVE-2020-13321
29 Sep 2020 — A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1. Unas restricciones de formato de nombre de usuario pueden omitidas, permitiendo agregar etiquetas html • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13321.json •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13324
https://notcve.org/view.php?id=CVE-2020-13324
29 Sep 2020 — A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1. En determinadas condiciones, la actividad privada de un usuario podría ser expuesta por medio de la API • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13324.json •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13325
https://notcve.org/view.php?id=CVE-2020-13325
29 Sep 2020 — A vulnerability was discovered in GitLab versions prior 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1. La sección de comentarios de la página de problemas no restringía los personajes apropiadamente, resultando en una denegación de servicio • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13325.json •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13323
https://notcve.org/view.php?id=CVE-2020-13323
29 Sep 2020 — A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1. Bajo determinadas condiciones, las peticiones de fusión privadas pueden ser leídas mediante Todos • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13323.json •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13331
https://notcve.org/view.php?id=CVE-2020-13331
29 Sep 2020 — An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado mediante los pasajes de Wiki • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13331.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-13330
https://notcve.org/view.php?id=CVE-2020-13330
29 Sep 2020 — An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado al importar la funcionalidad de proyecto Bitbucket • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13330.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-13329
https://notcve.org/view.php?id=CVE-2020-13329
29 Sep 2020 — An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature. Se ha detectado un problema en GitLab que afecta a versiones de 12.6.2 anteriores a 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado en la funcionalidad blob view • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13329.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13328
https://notcve.org/view.php?id=CVE-2020-13328
29 Sep 2020 — An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 13.1.2, 13.0.8 y 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado por medio del uso de la API de archivos PyPi • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13328.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •