GitLab: Bypass: Stored-XSS with CSP-bypass via scoped labels' color

A Stored-XSS with CSP-bypass vulnerability was discovered in GitLab that allowed attackers to execute arbitrary actions on behalf of victims at the client side. The vulnerability was caused by a missing mitigation for scoped labels, which allowed attackers to create a Stored-XSS with CSP-bypass o...