Stored XSS in user status (#55320) · Issues · GitLab.org / GitLab FOSS · GitLab (original) (raw)

Skip to content

GitLab Next

• • Why GitLab
  • Pricing
  • Contact Sales
  • Explore
• Why GitLab
• Pricing
• Contact Sales
• Explore
• Sign in
• Get free trial

Stored XSS in user status

HackerOne report #461607 by ashish_r_padelkar on 2018-12-13:

**Summary:**Hello,

I found a stored XSS in user status which executes on issues, merge requests etc

**Description:**If you add your status with xss payload at https://gitlab.com/profile as "><img src=x onerror=prompt(1)> , it executes when you comment in issues merge request etc

Steps To Reproduce:

1. Save your status at https://gitlab.com/profile as "><img src=x onerror=prompt(1)>
2. Comment on any issue,merge request etc
3. Now hover over your name and it will open a tool tip where this status xss gets executed!

Regards, Ashish

Impact

Stored XSS in user status

Relevant Links

Security issue - https://dev.gitlab.org/gitlab/gitlabhq/issues/2786

Edited Jan 23, 2019 by Dennis Tang