CVE-2018-3755: Cross-site Scripting

June 1, 2018 (updated October 9, 2019)

XSS in sexstatic causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.

References

nvd.nist.gov/vuln/detail/CVE-2018-3755

Detect and mitigate CVE-2018-3755 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →