X0Abcd

#31849 of 53,633
8 Total CVSS
Vulnerabilities · 1
PT-2025-50584
8.0
2025-12-10
GitLab · GitLab CE/EE · CVE-2025-12029

**Name of the Vulnerable Software and Affected Versions**

- GitLab CE/EE versions 15.11 through 18.4.6
- GitLab CE/EE versions 18.5 through 18.5.4
- GitLab CE/EE versions 18.6 through 18.6.2

**Description**

GitLab CE/EE is affected by an issue that, under certain circumstances, could allow an unauthenticated user to perform unauthorized actions on behalf of another user. This is possible through the injection of malicious external scripts into the Swagger UI. The issue is related to improper neutralization of input during web page generation, specifically a Cross-site Scripting condition.

**Recommendations**

- GitLab CE/EE versions 15.11 through 18.4.6 should be updated to a version later than 18.4.6.
- GitLab CE/EE versions 18.5 through 18.5.4 should be updated to a version later than 18.5.4.
- GitLab CE/EE versions 18.6 through 18.6.2 should be updated to a version later than 18.6.2.