Self-XSS in import project from GitHub

HackerOne report #421848 by lincoln9932 on 2018-10-09:

Hello, team. I found a self-XSS. Is self-XSS in scope?

Projects - Explore Projects - New Project -> Import project from GitHub

2gsOOEnrm3o.jpg

Paste </script>'"><img src=x onerror=alert();> and the XSS executes.

Impact

XSS.

Attachments

Warning: Attachments received through HackerOne, please exercise caution!

  • 2gsOOEnrm3o.jpg
Edited Oct 17, 2018 by Alexander Dietrich