GitLab: Content injection in Jira issue title enabling sending arbitrary POST request as victim
Summary The issue described here leads to the same outcome as my previous report, https://hackerone.com/reports/1409788 . So look into that one for further details on the JavaScript gadgets. Also see my report https://hackerone.com/reports/1481207 for a detailed rundown of injections in GitLab...
Cross-Site Scripting (XSS)
@toast-ui/editor is susceptible to cross-site scripting (XSS). The vulnerability exists because the built-in XSS sanitizer does not properly filter malicious script, allowing a remote attacker to bypass the validation check using browser quirks, such as adding a space...