Security Advisory

CVE-2018-9243

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-04-05 14:00:00

Last updated 2024-08-05 07:17:51

Assigner mitre

State PUBLISHED

Description

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.

← Browse all CVEs View on cve.org ↗