XSS Vulnerability in GitLab Community and Enterprise Editions 8.4 - 10.4

XSS Vulnerability in GitLab Community and Enterprise Editions 8.4 - 10.4

CVE-2018-9243 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.

Learn more about our Web Application Penetration Testing UK.