Vulnerabilities > Gitlab > Gitlab > 10.5.0

DATE CVE VULNERABILITY TITLE RISK
2018-05-31 CVE-2018-10379 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2.
network
gitlab CWE-79
4.3
4.3
2018-04-05 CVE-2018-9244 Cross-site Scripting vulnerability in Gitlab
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature).
network
gitlab CWE-79
4.3
4.3
2018-04-05 CVE-2018-9243 Cross-site Scripting vulnerability in Gitlab
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests).
network
gitlab CWE-79
4.3
4.3
2018-03-24 CVE-2018-8971 Improper Input Validation vulnerability in Gitlab
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
network
low complexity
gitlab debian CWE-20
7.5
7.5