XSS Vulnerability in GitLab CE/EE Markdown Fields via Mermaid

CVE-2018-19573 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

GitLab CE/EE versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are vulnerable to cross-site scripting (XSS) in Markdown fields via Mermaid.
