Cross-site Scripting (XSS) vulnerability in repository "new branch" view
This vulnerability was reported by a customer via the security@
email address.
To exploit:
Create a new branch from the command line and push it to the repo:
$ git checkout -b '<script>alert();</script>'
Switched to a new branch '<script>alert();</script>'
$ git push origin '<script>alert();</script>'
Now browse to the repo and try to create a new branch: