CVE-2023-28158: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Privilege escalation via stored XSS, using the file upload service to upload malicious content. The issue can be exploited only by authenticated users who can create a directory name that injects XSS content, allowing them to gain privileges such as those of the admin user.