{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "11.5.8" }, { "introduced": "0" }, { "fixed": "11.5.8" }, { "introduced": "11.6.0" }, { "fixed": "11.6.6" }, { "introduced": "11.6.0" }, { "fixed": "11.6.6" }, { "introduced": "11.7.0" }, { "fixed": "11.7.1" }, { "introduced": "11.7.0" }, { "fixed": "11.7.1" } ] }, "events": [ { "introduced": "0" }, { "fixed": "abfb287f424b28a64807bf9ba12c4a909e8d9f86" }, { "introduced": "0" }, { "fixed": "abfb287f424b28a64807bf9ba12c4a909e8d9f86" }, { "introduced": "4c09765c6424a96be7c7ae7707db3bda4e9c4ab4" }, { "fixed": "e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5" }, { "introduced": "4c09765c6424a96be7c7ae7707db3bda4e9c4ab4" }, { "fixed": "e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5" }, { "introduced": "c02f0d47774ac40ee0d1097d00d7980ef0c7012c" }, { "fixed": "51b69167426f1a15449328d5221a96d7306d7fc5" }, { "introduced": "c02f0d47774ac40ee0d1097d00d7980ef0c7012c" }, { "fixed": "51b69167426f1a15449328d5221a96d7306d7fc5" } ], "repo": "https://gitlab.com/gitlab-org/gitlab", "type": "GIT" } ] } ], "details": "An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.", "id": "CVE-2019-6784", "modified": "2026-03-13T21:52:19.454623511Z", "published": "2019-09-09T20:15:11.370Z", "references": [ { "type": "ADVISORY", "url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/" }, { "type": "REPORT", "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54416" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }