{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "8.14.9" }, { "introduced": "0" }, { "last_affected": "8.15.0" }, { "introduced": "0" }, { "last_affected": "8.15.1" }, { "introduced": "0" }, { "last_affected": "8.15.2" }, { "introduced": "0" }, { "last_affected": "8.15.3" }, { "introduced": "0" }, { "last_affected": "8.15.4" }, { "introduced": "0" }, { "last_affected": "8.15.5" }, { "introduced": "0" }, { "last_affected": "8.16.0" }, { "introduced": "0" }, { "last_affected": "8.16.1" }, { "introduced": "0" }, { "last_affected": "8.16.2" }, { "introduced": "0" }, { "last_affected": "8.16.3" }, { "introduced": "0" }, { "last_affected": "8.16.4" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "0c79c85b6bf7e98816255d673569727b083a90cd" }, { "introduced": "0" }, { "last_affected": "c1710afbd437c557741ff4c7fa185c6ffb89bf1b" }, { "introduced": "0" }, { "last_affected": "3e62eeed9a33f4885c53dbb73715f3b3ebda9434" }, { "introduced": "0" }, { "last_affected": "aa958616f4996672ef494e6a5222726093d17d87" }, { "introduced": "0" }, { "last_affected": "fe6cf5a54771739af7f10aa15c33d42b1a1ddbd7" }, { "introduced": "0" }, { "last_affected": "e33b0cbd0dfb10617a37ec5ce054fadb82c8631b" }, { "introduced": "0" }, { "last_affected": "f431be49b6940b3079b30cd65de56f03b4328e2e" }, { "introduced": "0" }, { "last_affected": "47550d092f0a6cbedc58752d1a220fe519b8ea01" }, { "introduced": "0" }, { "last_affected": "060f824bd7be41ffc05af04def53f20e3a870ca7" }, { "introduced": "0" }, { "last_affected": "a019470b8a6d2fa82a5eec3200663eca87c96baa" }, { "introduced": "0" }, { "last_affected": "bc4639359cf2880d6ee614a01e6b8049293d4366" }, { "introduced": "0" }, { "last_affected": "93daa28c0cff0fa8a523d29a9e1ea887cbe021d8" } ], "repo": "https://gitlab.com/gitlab-org/gitlab", "type": "GIT" } ] } ], "details": "GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.", "id": "CVE-2017-8778", "modified": "2026-03-13T21:54:29.911182396Z", "published": "2017-05-04T15:29:00.157Z", "references": [ { "type": "FIX", "url": "https://about.gitlab.com/2017/02/15/gitlab-8-dot-16-dot-5-security-release/" }, { "type": "EVIDENCE", "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/27471" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }