GitLab URI Scheme Cross-Site Scripting Vulnerability Fixed by 8.7.4


Description   A cross-site scripting vulnerability was reported in GitLab. A remote attacker could exploit it by enticing a victim into following a specially crafted link, in order to execute arbitrary JavaScript/HTML in the victim's browser in the context of the GitLab site. The vulnerability stems from improper sanitization of the URI scheme of user-supplied links. A proof of concept is available.
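Added example, not GitLab's code and not the fix shipped in 8.7.4: a scheme check on user-supplied link targets in Ruby, showing a naive denylist of the kind that gets bypassed beside an allowlist check that normalises the value the way browsers do before matching the scheme. The function names, the `SAFE_SCHEMES` list and the `render_link` helper are assumptions chosen for illustration.

```ruby
# Added example (not GitLab's code): scheme checks on user-supplied links.
# Browsers strip leading/trailing ASCII whitespace and C0 control characters
# and remove tab/CR/LF anywhere in a URL before looking at the scheme, and
# match the scheme case-insensitively. A check that does not do the same
# can be bypassed with "JavaScript:", " javascript:" or "java\tscript:".

SAFE_SCHEMES = %w[http https mailto ftp].freeze  # assumed allowlist

# Naive check: case-sensitive denylist on the raw string (vulnerable).
def naive_safe_href?(href)
  !href.start_with?("javascript:")
end

# Return the normalised, lower-cased scheme of href, or nil if it has none
# (a relative link). Normalisation mirrors what a browser does first.
def scheme_of(href)
  s = href.gsub(/[\t\r\n]/, "")                 # tab/CR/LF are dropped anywhere
  s = s.gsub(/\A[\x00-\x20]+|[\x00-\x20]+\z/, "") # leading/trailing controls+space
  m = s.match(/\A([a-zA-Z][a-zA-Z0-9+.\-]*):/)
  m ? m[1].downcase : nil
end

# Hardened check: allow only known-good schemes or scheme-less (relative) links.
def safe_href?(href)
  scheme = scheme_of(href)
  return true if scheme.nil?    # relative link: no scheme for the browser to act on
  SAFE_SCHEMES.include?(scheme)
end

def escape_html(s)
  s.gsub("&", "&amp;").gsub("<", "&lt;").gsub(">", "&gt;").gsub('"', "&quot;")
end

# Emit an anchor; an unsafe target is neutralised rather than passed through.
def render_link(text, href)
  href = "#" unless safe_href?(href)
  %(<a href="#{escape_html(href)}">#{escape_html(text)}</a>)
end

if __FILE__ == $0
  ["https://about.gitlab.com/", "/group/project/issues",
   "JavaScript:alert(1)", "  javascript:alert(1)", "java\tscript:alert(1)",
   "data:text/html,<script>alert(1)</script>"].each do |h|
    puts "#{h.inspect}: naive=#{naive_safe_href?(h)} hardened=#{safe_href?(h)}"
  end
end
```

The important design choice is the allowlist: a denylist has to enumerate every dangerous scheme (`javascript:`, `data:`, `vbscript:`, ...) and every encoding trick, while an allowlist only has to name the handful of schemes the application actually wants to link to.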
     
Vulnerable Products   GitLab Community Edition (GitLab) - 8.7.0, 8.7.1, 8.7.2, 8.7.3
     
Solution   Upgrade to GitLab Community Edition 8.7.4, which fixes this vulnerability.
     
CVE  
     
References   - GitLab : 8.7.4 Released
https://about.gitlab.com/2016/05/11/gitlab-8-dot-7-dot-4-released/
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: XSS - Prevention - POST : javascript code found in data (available since 5.0.0)
     
Risk level   Low
     
Vulnerability First Public Report Date   2016-05-11
     
Target Type   Client
     
Possible exploit   Remote