Jouko

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.2.x through 11.4.x before 11.4.13 GitLab Community and Enterprise Edition versions 11.5.x before 11.5.6 GitLab Community and Enterprise Edition versions 11.6.x before 11.6.1 Description: An issue allows XSS. Recommendations: For GitLab Community and Enterprise Edition versions 11.2.x through 11.4.x before 11.4.13, update to version 11.4.13 or later. For GitLab Community and Enterprise Edition versions 11.5.x before 11.5.6, update to version 11.5.6 or later. For GitLab Community and Enterprise Edition versions 11.6.x before 11.6.1, update to version 11.6.1 or later.

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.2.x through 11.4.x before 11.4.13 GitLab Community and Enterprise Edition versions 11.5.x before 11.5.6 GitLab Community and Enterprise Edition versions 11.6.x before 11.6.1 Description: An issue allows XSS. Recommendations: For versions 11.2.x through 11.4.x before 11.4.13, update to version 11.4.13 or later. For versions 11.5.x before 11.5.6, update to version 11.5.6 or later. For versions 11.6.x before 11.6.1, update to version 11.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions 11.5.8 and earlier, 11.6.x before 11.6.6, 11.7.x before 11.7.1 **Description** The issue allows for a persistent XSS due to a lack of input validation and output encoding when processing KaTeX in Markdown fields. **Recommendations** For GitLab Community and Enterprise Edition versions 11.5.8 and earlier, update to version 11.5.8 or later. For GitLab Community and Enterprise Edition versions 11.6.x before 11.6.6, update to version 11.6.6 or later. For GitLab Community and Enterprise Edition versions 11.7.x before 11.7.1, update to version 11.7.1 or later.