Gitlab · Gitlab Ce/Ee · CVE-2018-12605
**Name of the Vulnerable Software and Affected Versions**
GitLab Community Edition and Enterprise Edition versions 10.7.x through 10.7.5
**Description**
An issue was discovered due to the usage of `url for` which contained a XSS issue. This was caused by `url for` allowing arbitrary protocols as a parameter.
**Recommendations**
For GitLab Community Edition and Enterprise Edition versions 10.7.x through 10.7.5, update to version 10.7.6 or later to resolve the issue.