CVE-2018-10891: Injection Vulnerability
(updated )
When a quiz question bank is imported, it is possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
References
Detect and mitigate CVE-2018-10891 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →