Saleemrashid

#16817 of 53,632
16 Total CVSS
Vulnerabilities · 2
High: 2
PT-2021-22733
7.3
2021-10-05
Gitlab · Gitlab Ce/Ee · CVE-2021-39887
**Name of the Vulnerable Software and Affected Versions:** GitLab CE/EE versions 8.4 and above

**Description:** A stored Cross-Site Scripting issue in the GitLab Flavored Markdown allows an attacker to execute arbitrary JavaScript code on the victim's behalf.

**Recommendations:** For GitLab CE/EE versions 8.4 and above, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-6533
8.7
2021-08-25
Gitlab · Gitlab Ce/Ee · CVE-2021-22242
**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 11.4 and up

**Description** The issue is related to insufficient input sanitization in Mermaid markdown, allowing a remote attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. This can impact the integrity of data.

**Recommendations** For GitLab CE/EE versions 11.4 and up, consider disabling the Mermaid markdown feature until a patch is available to prevent exploitation of the stored cross-site scripting vulnerability. Restrict access to markdown editing to minimize the risk of malicious input.