CVE-2018-18643 log

Severity Medium
Remote Yes
Type Cross-site scripting
A security issue has been found in gitlab versions prior to 11.4.3, where the fragment identifier (hash) of several pages contained a lack of input validation and output encoding issue which resulted in a persistent XSS.
Group Package Affected Fixed Severity Status Ticket
AVG-794 gitlab 11.4.0-1 11.4.3-1 Critical Fixed
Date Advisory Group Package Severity Type
31 Oct 2018 ASA-201810-16 AVG-794 gitlab Critical multiple issues