CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2018-14606
https://notcve.org/view.php?id=CVE-2018-14606
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) mediante un nombre Milestone durante una promoción. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/48617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •