Cross-Site Scripting when editing a comment
- Title: Cross-Site Scripting when editing a comment
- Scope: None
- Weakness: Cross-site Scripting (XSS) - DOM
- Severity: Medium
- Link: https://hackerone.com/reports/294029
- Date: 2017-11-30 15:50:05 +0000
Details: When editing a comment into a GitLab issue, its content (no matter if in markdown code or not) will be interpreted and executed.
For example, the simple comment
<img src="not" onerror="alert(1)" /> can be inserted into a comment and saved without execution. When edited however, the code will be triggered.
If an admin were to edit a malicious comment of a user, the XSS would be triggered into his browser. This scenario was however not tested.