cvedb.io
CVE-2018-9244
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2018-04-05T14:29:00.387 · Last modified 2026-06-17T02:06:16.803

Summary

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.

Affected products

gitlab — gitlab

Does this affect you?

Add your gear to cvedb and we'll alert you only when gitlab ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.