Medium severity5.4OSV Advisory· Published Aug 3, 2018· Updated Jun 17, 2026
CVE-2018-12605
CVE-2018-12605
Description
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: >=10.7.0, <10.7.6
- Range: >=10.7.0, <10.7.6
Patches
Vulnerability mechanics
References
2- gitlab.com/gitlab-org/gitlab-ce/issues/45168nvdExploitIssue TrackingPatchVendor Advisory
- about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/nvdVendor Advisory
News mentions
0No linked articles in our index yet.