{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T06:52:17.241","vulnerabilities":[{"cve":{"id":"CVE-2020-26407","sourceIdentifier":"cve@gitlab.com","published":"2020-12-10T06:15:13.750","lastModified":"2024-11-21T05:19:52.393","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project"},{"lang":"es","value":"Se presenta una vulnerabilidad de tipo XSS en Gitlab CE/EE desde versiones 12.4 anteriores a 13.4.7, versiones 13.5 anteriores a 13.5.5 y versiones 13.6 anteriores a 13.6.2, que permite a un atacante llevar a cabo ataques de tipo cross-site scripting para otros usuarios por medio de la importaciĆ³n de un proyecto malicioso."}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"13.4.7","matchCriteriaId":"A9F5AA4C-A72D-49D1-BE93-FD01CCC1EAB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"13.4.7","matchCriteriaId":"2DDA04AC-DF77-4203-8EF4-2F3822FE8C4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"13.5.0","versionEndExcluding":"13.5.5","matchCriteriaId":"468AFC4C-4AFE-4502-AE04-CEC567CC9454"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.5.0","versionEndExcluding":"13.5.5","matchCriteriaId":"C03EE1D3-7824-43A8-ACA2-7EE7EA9B638E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"13.6.0","versionEndExcluding":"13.6.2","matchCriteriaId":"8A470CCF-C038-44D4-AB14-B9134C0E7ABC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.6.0","versionEndExcluding":"13.6.2","matchCriteriaId":"63A5C9B5-F86B-4066-8042-865AB4DD4859"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26407.json","source":"cve@gitlab.com","tags":["Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/212630","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/832117","source":"cve@gitlab.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26407.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/212630","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/832117","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]}]}}]}