Stored XSS on Issue details page
Link: https://hackerone.com/reports/384255 By: @8ayac
Details: Summary: The detail page of an Issue (the page that provides the content of an Issue) is vulnerable to Stored XSS.
The two exploits are via the function of submitting an issue or the function of editing an issue.
This vulnerability is reproduced in
Edge are not. I did not test the reproduction on other browsers.
Steps To Reproduce:
- Sign in to GitLab.
- Click the "[+]" icon.
- Click "New Project".
- Fill out "Project name" form with "PoC".
- Check the check box of "Public".
- Click "Issues".
- Click "New issue" button.
- Fill out each form as follows:
  - Title: PoC
- Click "Submit issue".
Furthermore, when editing an already existing issue, you can also reproduce it by entering A in the "Description" form and saving it.
The security impact is the same as any typical Stored XSS.