CVE-2018-19574
GitLab CE/EE is affected by an XSS on the OAuth authorization page in versions 7.6–11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1. The issue is a cross-site scripting vulnerability on the OAuth flow. Remediation per sources is to upgrade to fixed releases: 11.3.11+, 11.4.8+...