XSS Vulnerability in GitLab CE/EE Markdown Fields via Unrecognized HTML Tags

CVE-2018-19570 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

GitLab CE/EE versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are vulnerable to cross-site scripting (XSS) in Markdown fields via unrecognized HTML tags.