CVE-2018-12607

MEDIUM

GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS

Title source: llm

Description

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

References (2)

Core 2

Core References

Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm

https://gitlab.com/gitlab-org/gitlab-ce/issues/45903

Vendor Advisory x_refsource_confirm

https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/

Scores

CVSS v3 5.4

EPSS 0.0006

EPSS Percentile 17.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

gitlab/gitlab < 10.7.6 (2 CPE variants)

Published Aug 03, 2018

Tracked Since Feb 18, 2026