CVE-2018-12607
CVE-2018-12607 affects GitLab CE/EE prior to 10.7.6, 10.8.x prior to 10.8.5, and 11.x prior to 11.0.1. It describes a persistent XSS in the charts feature due to lack of output encoding. Upgrading to GitLab version 11.0.1 or newer (upstream fix) is the documented remediation; other sources also n...