CVE-2025-1763

medium

Description

GitLab reports:

- Cross Site Scripting (XSS) in Maven Dependency Proxy through CSP directives
- Cross Site Scripting (XSS) in Maven dependency proxy through cache headers
- Network Error Logging (NEL) Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring
- Denial of service (DOS) via issue preview
- Unauthorized access to branch names when Repository assets are disabled in the project

Details

Source: Mitre, NVD

Published: 2025-04-24

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium