CVE-2018-19570

GitLab CE/EE versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are vulnerable to cross-site scripting (XSS) in Markdown fields via unrecognized HTML tags.

References

Link | Resource
https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ | Broken Link, Release Notes, Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/52392 | Issue Tracking, Vendor Advisory
http://www.securityfocus.com/bid/109169 | Broken Link, Third Party Advisory, VDB Entry

Configurations

Configuration 1

OR
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Information

Published : 2019-07-10 09:15

Updated : 2023-03-01 07:46


NVD link : CVE-2018-19570

Mitre link : CVE-2018-19570



CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

gitlab

  • gitlab