GitLab 12.1 up to and including 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
gitlab gitlab