

XSS vulnerability in GitLab prior to 6.5.0 - alsutton010203
http://blog.gitlab.org/xss-vulnerability-in-gitlab/

======
namarkiv
Looks like this is the fix:
[https://github.com/gitlabhq/gitlabhq/commit/d6c037de81096680...](https://github.com/gitlabhq/gitlabhq/commit/d6c037de81096680db07397a44a0824355c703c8)

------
Ysx
CVE and exploit at
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-731...](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7316)

------
emillon
That's quite surprising, it's a textbook XSS vulnerability. It seems to me
that their markdown library should escape entities by default or they will
have many other vulns.

