{"id":"CVE-2019-19311","details":"GitLab EE 8.14 through 12.3.6, 12.4.0 through 12.4.3, and 12.5.0 allows cross-site scripting (XSS) in group and profile fields. Fixed in 12.3.7, 12.4.4, and 12.5.1.","modified":"2026-04-10T04:16:18.522693Z","published":"2020-01-03T16:15:11.047Z","references":[{"type":"ADVISORY","url":"https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/"},{"type":"ADVISORY","url":"https://about.gitlab.com/blog/categories/releases/"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitlab/issues/31536"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"4ae57e0b374bbb8e461305d8a7a68b550bdd768d"},{"fixed":"a58a3535cbef81166d64d5d9cee0f1e30b2f4e2f"},{"introduced":"572e09f5e8fcd54b0366836668e6685da68de22f"},{"fixed":"e2a57d1edb294e8aa57824d069eea4e84684884e"},{"introduced":"4878f9ac8941c5ad124c9f2216897109c5dde4af"},{"fixed":"446272bad6ccc2651f2578bc56117910f0586cf2"}],"database_specific":{"versions":[{"introduced":"8.14.0"},{"fixed":"12.3.7"},{"introduced":"12.4.0"},{"fixed":"12.4.4"},{"introduced":"12.5.0"},{"fixed":"12.5.1"}]}}],"versions":["v12.4.0-ee","v12.4.2-ee","v12.4.3-ee","v12.5.0-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19311.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}