CVE-2020-10078 (NVD)

2020-03-13

GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.

Products Gitlab
Type Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
First patch - None (likely due to unavailable code)
Links https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/