Stored XSS in user status
HackerOne report #461607 by ashish_r_padelkar on 2018-12-13:
Summary: Hello,
I found a stored XSS in user status which executes on issues, merge requests etc
Description:
If you add your status with xss payload at https://gitlab.com/profile
as "><img src=x onerror=prompt(1)>
, it executes when you comment in issues merge request etc
Steps To Reproduce:
- Save your status at
https://gitlab.com/profile
as"><img src=x onerror=prompt(1)>
- Comment on any issue,merge request etc
- Now hover over your name and it will open a tool tip where this status xss gets executed!
Regards, Ashish
Impact
Stored XSS in user status
Relevant Links
Security issue - https://dev.gitlab.org/gitlab/gitlabhq/issues/2786
Edited by Dennis Tang