CVE-2025-11224
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: GitLab Inc.
Description
Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab_ce | From 15.10 (inc) to 18.3.6 (exc) |
| gitlab | gitlab_ee | From 15.10 (inc) to 18.3.6 (exc) |
| gitlab | gitlab_ce | to 18.4.4 (exc) |
| gitlab | gitlab_ee | to 18.4.4 (exc) |
| gitlab | gitlab_ce | to 18.5.2 (exc) |
| gitlab | gitlab_ee | to 18.5.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70