GitLab Community and Enterprise Edition Cross-site Scripting Vulnerability


An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.


The information has been provided by James Ritchey.

The original article can be found at:


GitLab is prone to an HTML injection vulnerability.

Vulnerable Systems:

GitLab Enterprise Edition 11.5
GitLab Enterprise Edition 11.4
GitLab Enterprise Edition 11.3
GitLab Community Edition 11.5
GitLab Community Edition 11.4
GitLab Community Edition 11.3
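
The affected ranges in the description can be turned into an inventory check. The Python below is an added example, not part of the original advisory or of GitLab's code; the host names and helper names are constructed for illustration, and versions outside 11.x are assumed to be out of scope because the advisory does not list them.

```python
import re

# First fixed patch release per branch, taken from the advisory text.
FIXED_PATCH = {(11, 3): 11, (11, 4): 8, (11, 5): 1}

def parse_version(text):
    """Parse '11.4.7', 'v11.4.7' or '11.4.7-ee' into (major, minor, patch)."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def is_affected(text):
    """True if the version falls in a range the advisory lists as vulnerable."""
    major, minor, patch = parse_version(text)
    if major != 11:
        return False      # assumption: the advisory only lists 11.x
    if minor < 3:
        return True       # "11.x before 11.3.11" covers 11.0 to 11.2
    fixed = FIXED_PATCH.get((major, minor))
    return fixed is not None and patch < fixed   # 11.6+ is not listed

def minimum_fixed(text):
    """Lowest fixed release on the same branch (11.3.11 for 11.0 to 11.2)."""
    major, minor, _ = parse_version(text)
    branch = (major, max(minor, 3))
    return f"{branch[0]}.{branch[1]}.{FIXED_PATCH[branch]}"

def triage(inventory):
    """Map each affected host to the minimum release it must reach."""
    return {h: minimum_fixed(v) for h, v in inventory.items() if is_affected(v)}

# Constructed inventory for illustration; host names are hypothetical.
INVENTORY = {
    "git-a.example.internal": "11.3.10-ee",
    "git-b.example.internal": "11.4.8",
    "git-c.example.internal": "11.5.0",
    "git-d.example.internal": "v11.2.3",
    "git-e.example.internal": "11.6.0-ee",
}

if __name__ == "__main__":
    for host, target in triage(INVENTORY).items():
        print(f"{host}: running {INVENTORY[host]}, upgrade to at least {target}")
```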

CVE Information:


Disclosure Timeline:
Published Date: 07/16/2019