{"id":"CVE-2020-13267","details":"A Stored Cross-Site Scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1.","aliases":["BIT-gitlab-2020-13267"],"modified":"2026-03-14T10:44:37.679540Z","published":"2020-06-10T15:15:13.103Z","references":[{"type":"ADVISORY","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13267.json"},{"type":"ADVISORY","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/211956"},{"type":"REPORT","url":"https://hackerone.com/reports/824773"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"last_affected":"7154da26005ece7f66f4d68e22e2b933f15a5e6d"},{"introduced":"0bd32f788647bb832f3d9eb5746cbda5300e0fa2"},{"last_affected":"7154da26005ece7f66f4d68e22e2b933f15a5e6d"}],"database_specific":{"versions":[{"introduced":"12.8.0"},{"last_affected":"13.0.1"},{"introduced":"12.8.0"},{"last_affected":"13.0.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13267.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}