Description:
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
GitLab issue descriptions and other areas that accept Markdown, such as .md files in repositories, are vulnerable to cross-site scripting.
Impact:
An attacker can run arbitrary JavaScript code in the victim's browser.
CVSS Score:
6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Exploit:
<style><img src="o.O" onerror=alert(`document.domain`)> <iframe/%0
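The following is an added defensive illustration, not GitLab's code or its actual fix: an allowlist sanitizer of the kind that must run on rendered Markdown before it is displayed. It drops `<style>`, `<script>` and `<iframe>` together with their content, strips every attribute not on the allowlist (including all `on*` handlers) and rejects `javascript:` URLs, so the payload above serialises to nothing. The tag and attribute allowlist is an assumption chosen for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: the elements and attributes rendered Markdown needs, nothing more.
ALLOWED_TAGS = {"p", "a", "img", "em", "strong", "code", "pre", "ul", "ol", "li", "br"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
# Elements removed together with everything inside them.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
VOID_TAGS = {"img", "br"}
SAFE_SCHEMES = ("http:", "https:", "mailto:")


def safe_url(value):
    """Accept relative URLs and a few schemes; reject javascript:, data:, vbscript: etc."""
    v = value.strip().lower()
    return v.startswith(SAFE_SCHEMES) or ":" not in v


class AllowlistSanitizer(HTMLParser):
    """Re-serialises only allowlisted tags and attributes; everything else is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside an element whose content is dropped

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1  # an unclosed <style> keeps dropping to the end: fail closed
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tags are stripped; their text content is kept
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # drops onerror=, onload=, style= and any other non-allowlisted attribute
            if name in URL_ATTRS and not safe_url(value):
                continue
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text is re-escaped, never passed through raw


def sanitize(html):
    """Return an allowlist-filtered serialisation of untrusted HTML produced from Markdown."""
    s = AllowlistSanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out)
```

Because the check is an allowlist, a new attribute or element only becomes renderable when someone deliberately adds it, which is the property a denylist of known payloads lacks.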
References/Sources:
https://gist.github.com/mortenson/55c60006e336c3c4327d62365fcf04d4
https://gitlab.com/gitlab-org/gitlab-foss/-/issues/64033
https://nvd.nist.gov/vuln/detail/CVE-2019-15739