CVE-2017-8778
GitLab prior to 8.14.9, 8.15.x prior to 8.15.6, and 8.16.x prior to 8.16.5 are vulnerable to XSS via a SCRIPT element in an SVG document used in issue attachments or avatars. Root cause: SVG SCRIPT element allows script execution. Impact: cross-site scripting; user-provided SVGs can steal data or...
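An upload-side check for the root cause described above, as an added example (not GitLab's code or its fix): it parses an uploaded SVG and reports any script element. It goes beyond the SCRIPT element named in the entry and also reports `on*` event-handler attributes and DOCTYPE declarations; the function name and sample documents are constructed for illustration.

```python
from xml.parsers import expat


class Rejected(Exception):
    """Raised inside a handler to stop parsing at the first DOCTYPE."""


def svg_script_findings(data: bytes) -> list[str]:
    """Return reasons to refuse an uploaded SVG; an empty list means none were found."""
    findings: list[str] = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Refuse DTDs outright so entity definitions are never expanded.
        raise Rejected("DOCTYPE declaration")

    def on_start(name, attrs):
        # With namespace_separator=" " expat reports names as "uri local",
        # so a prefixed <s:script> is caught as well as a plain <script>.
        local = name.rsplit(" ", 1)[-1].lower()
        if local == "script":
            findings.append("script element")
        for attr in attrs:
            attr_local = attr.rsplit(" ", 1)[-1].lower()
            if attr_local.startswith("on"):
                findings.append(f"event handler attribute {attr_local}")

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except Rejected as exc:
        findings.append(str(exc))
    except expat.ExpatError as exc:
        # Anything the XML parser cannot read is refused rather than guessed at.
        findings.append(f"not well-formed XML: {exc}")
    return findings


# Constructed sample uploads (not taken from the advisory).
SAMPLES = {
    "plain": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>',
    "script": b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* constructed */</script></svg>',
    "prefixed": b'<s:svg xmlns:s="http://www.w3.org/2000/svg"><s:script/></s:svg>',
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, svg_script_findings(blob) or "no findings")
```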