GitLab: HTML injection possible with soft email confirmations when Administrator manually confirms attacker email address
The vulnerability allowed an attacker to include an HTML payload in their email address. If an administrator manually confirmed the attacker's unconfirmed email address, the HTML payload was rendered within the context of the self-hosted GitLab instance...
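
The class of bug described above, shown as an added example that is not GitLab's code: a confirmation prompt that interpolates the email address into HTML unescaped, next to the version that escapes it at output, plus a regression check. The prompt wording, the function names and the sample address are constructed assumptions.

```ruby
require 'erb'

# Constructed sample: an address whose quoted local part carries markup.
SAMPLE_EMAIL = '"<i>x</i>"@example.com'

# Tags the (constructed) confirmation template itself is expected to emit.
TEMPLATE_TAGS = %w[strong].freeze

# Unsafe pattern: user-controlled address interpolated into HTML as-is.
def confirm_prompt_unsafe(email)
  "Confirm the address <strong>#{email}</strong> for this user?"
end

# Hardened pattern: escape the address at the point of output.
def confirm_prompt_safe(email)
  "Confirm the address <strong>#{ERB::Util.html_escape(email)}</strong> for this user?"
end

# Regression check: names of tags in the output that the template did not emit.
def unexpected_tags(html)
  html.scan(/<\/?([a-zA-Z][a-zA-Z0-9]*)/).flatten.map(&:downcase).uniq - TEMPLATE_TAGS
end

if __FILE__ == $PROGRAM_NAME
  puts unexpected_tags(confirm_prompt_unsafe(SAMPLE_EMAIL)).inspect
  puts unexpected_tags(confirm_prompt_safe(SAMPLE_EMAIL)).inspect
end
```

A check like `unexpected_tags` fits in a view or helper spec, so any user-controlled field that reaches an administrator-facing prompt is exercised with markup in it.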