GitLab: Stored XSS in merge request pages
A stored cross-site scripting XSS vulnerability was discovered in GitLab merge request pages. An attacker could exploit this vulnerability by creating a merge request with a specially crafted branch name and tricking a user with insufficient permissions to view the merge request page. This could...