XSS by setting external tracker URLs to uploaded html
Steps to reproduce
- Upload html file as attachment to any comment on a project
- Set up service, such as Redmine
- Set project URLs to uploaded html file's URL
- Enable and save service
- Click issues link on project
- Turbolinks will execute the file
Screenshot
