CVE-2017-0924 - AskarLabs CVE Database

CVE-2017-0924

Vendor Gitlab

Product GitLab Community and Enterprise Editions

Weakness CWE-79 · XSS

Published March 21, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.

Key dates

02Disclosure timeline

March 21, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-0924 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-5837 AlexanderLivanov FotosCMS2 Cookie profile.php cross site scripting CVE-2025-12290 Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting CVE-2025-23473 WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-2635 Digital License Manager <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function CVE-2023-0926 Custom Permalinks <= 2.6.0 - Authenticated(Editor+) Stored Cross-Site Scripting

Identifiers

CVE CVE-2017-0924

CWE CWE-79

Affected versions

Vendor Gitlab

Product GitLab Community and Enterprise Editions

Affected 9.1.0 - 10.0.5 Fixed in 10.0.5

Vendor Gitlab

Product GitLab Community and Enterprise Editions

Affected 10.1.0 - 10.1.5 Fixed in 10.1.6

Vendor Gitlab

Product GitLab Community and Enterprise Editions

Affected 10.2.0 - 10.2.5 Fixed in 10.2.6

Vendor Gitlab

Product GitLab Community and Enterprise Editions

Affected 10.3.0 - 10.3.3 Fixed in 10.3.4