GitLab: Stored XSS on Files overview by abusing git submodule URL

Vulnerability description There's a stored Cross-Site Scripting XSS vulnerability in the Files overview of a project due to the incorrect handling of a git submodule. This allows an attacker to execute JavaScript in a visitor's session. Proof of concept To reproduce the issue, the attacker needs ...