Stored XSS using find file
HackerOne report #650670 by xssa on 2019-07-19, assigned to akelly:
Hi security team
Today I found stored XSS
POC
- Create Project
- Go and Create New Directory, put this Payload in the name of the Directory and press create directory
- Go back now to the project and press find file and put the same payload; XSS will execute.
Thanks
Impact
This stored XSS will affect any user who visits the project
Edited by GitLab SecurityBot
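The class of bug reported above, a directory name ending up as markup in a file-finder result list, shown as an added example that is not GitLab's code and not part of the report. The renderer, its function names and the sample directory name are hypothetical and constructed for illustration; the example assumes the finder wraps matched characters in highlight tags, which is where per-character encoding is easy to miss.

```javascript
// Added example: hypothetical file-finder row renderer, not GitLab's implementation.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Case-sensitive subsequence match: positions in `chars` hit by the query, in order.
// Returns an empty set when the query does not match.
function matchIndexes(chars, query) {
  const hits = new Set();
  let from = 0;
  for (const ch of query) {
    const at = chars.indexOf(ch, from);
    if (at === -1) return new Set();
    hits.add(at);
    from = at + 1;
  }
  return hits;
}

// Builds one result row, wrapping matched characters in <b>.
// `encode` is applied to every character taken from the path.
function renderRow(path, query, encode) {
  const chars = Array.from(path); // code points, so surrogate pairs stay intact
  const hits = matchIndexes(chars, query);
  const body = chars
    .map((ch, i) => (hits.has(i) ? `<b>${encode(ch)}</b>` : encode(ch)))
    .join('');
  return `<li class="file-row">${body}</li>`;
}

// Before: path characters are concatenated into HTML as-is.
const renderRowUnsafe = (path, query) => renderRow(path, query, (ch) => ch);
// After: every path character is HTML-encoded before highlight tags are added.
const renderRowSafe = (path, query) => renderRow(path, query, escapeHtml);

// Constructed sample: a directory whose name contains harmless markup.
const samplePath = '<i>docs</i>/readme.md';
console.log(renderRowUnsafe(samplePath, 'docs'));
console.log(renderRowSafe(samplePath, 'docs'));
```

Only the `<b>` tags the renderer itself emits survive as markup in the safe version, including when the search query is made of markup characters.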