First published: Thu Apr 05 2018(Updated: )
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=9.2<10.4.7 | |
GitLab GitLab | >=9.2<10.4.7 | |
GitLab GitLab | >=10.5.0<10.5.7 | |
GitLab GitLab | >=10.5.0<10.5.7 | |
GitLab GitLab | >=10.6.0<10.6.3 | |
GitLab GitLab | >=10.6.0<10.6.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.