Skip to content

HackerOne reported issue: Cross-Site Scripting (XSS) Vulnerability in RDOC support

https://hackerone.com/reports/200693

Steps to Reproduce

  • Create a new GitLab project
  • Initialise the project by creating a README file
  • Set the file title to README.rdoc
  • Paste the below Payload into the file
  • Commit the file to the project and click on the "XSS" link

Proof of Concept Payload

XSS[JaVaScriPt:alert(1)] <-- click to test