Home > Vulnerability Database > CVE-2018-9243

Mend.io Vulnerability Database

CVE-2018-9243

Date: April 5, 2018

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.

Severity Score

6.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-9243

Url: https://gitlab.com/gitlab-org/gitlab-ce/issues/42028

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-9243

Url: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/

Url: https://www.mend.io/vulnerability-database/CVE-2018-9243

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-9243

Date: April 5, 2018

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?