Skip to content
GitLab Next
Closed
Created by Robert Speicher@rspeicherContributor

Cross-Site Scripting when editing a comment

  • Title: Cross-Site Scripting when editing a comment
  • Scope: None
  • Weakness: Cross-site Scripting (XSS) - DOM
  • Severity: Medium
  • Link: https://hackerone.com/reports/294029
  • Date: 2017-11-30 15:50:05 +0000
  • By: @sploutchy

Details: When editing a comment into a GitLab issue, its content (no matter if in markdown code or not) will be interpreted and executed.

For example, the simple comment <img src="not" onerror="alert(1)" /> can be inserted into a comment and saved without execution. When edited however, the code will be triggered.

Impact

If an admin were to edit a malicious comment of a user, the XSS would be triggered into his browser. This scenario was however not tested.