Note:
This project will be discontinued after December 13, 2021. [more]
2018-05-31
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
| Products | Gitlab |
| Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.securityfocus.com/bid/104491
• https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/ |