CVE-2019-12445
CVE-2019-12445 affects GitLab Community and Enterprise Edition, versions 8.4 through 11.11. A malicious user could trigger cross-site scripting (XSS) by importing a specially crafted project file, causing JavaScript to execute in notes. The root cause is improper handling of imported project cont...