XSS On meta tags in profile page

Disclosed: 2016-08-21 18:39:30 By plazmaz To gitlab
Unknown
Vulnerability Details
The profile page (https://gitlab.com/u/<user>) does not properly sanitize quotation marks, allowing for injection of attributes into the meta tags. This allows for redirection to phishing sites and other various nefarious things. I've managed to get my [profile page](https://gitlab.com/u/Plazmaz) to redirect to Bing by setting my bio to `0;url=http://www.bing.com" http-equiv="refresh`.
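The following is an added example (not GitLab's code and not part of the report) that shows, in Ruby, why a bare double quote in user-controlled text breaks out of a meta tag attribute, what attribute-context escaping does to the same input, and a simple defender-side check that flags attributes a template never meant to emit. The `render_meta_unsafe` and `render_meta_safe` functions, the `ALLOWED_ATTRS` list and the attribute scanner are assumptions for illustration; the payload string is the one quoted in the report.

```ruby
# Added example (not GitLab's code): attribute-context escaping for
# user-controlled text placed into a <meta> tag, using the bio payload
# quoted in the report above.
require "cgi"

# Constructed input: the bio string from the report.
REPORTED_BIO = '0;url=http://www.bing.com" http-equiv="refresh'

# Vulnerable rendering (hypothetical): raw interpolation into an attribute value.
# A double quote in the bio terminates the content attribute, and whatever
# follows is parsed by the browser as further attributes on the same tag.
def render_meta_unsafe(bio)
  %(<meta name="description" content="#{bio}">)
end

# Hardened rendering: escape for the HTML attribute context before interpolating.
# CGI.escapeHTML turns " into &quot; (and also escapes &, <, > and '), so the
# supplied text can never close the attribute it was placed in.
def render_meta_safe(bio)
  %(<meta name="description" content="#{CGI.escapeHTML(bio)}">)
end

# Defender-side check: list the attribute names present on a rendered tag and
# report any that the template itself did not intend to emit.
ALLOWED_ATTRS = %w[name content].freeze

def tag_attribute_names(tag)
  # Matches `attr="value"` pairs; a properly escaped value contains no raw quote,
  # so injected text stays inside the content attribute and is not matched here.
  tag.scan(/\s([a-zA-Z-]+)="[^"]*"/).flatten
end

def unexpected_attributes(tag)
  tag_attribute_names(tag) - ALLOWED_ATTRS
end

if __FILE__ == $PROGRAM_NAME
  unsafe = render_meta_unsafe(REPORTED_BIO)
  safe = render_meta_safe(REPORTED_BIO)
  puts unsafe
  puts "unexpected attributes: #{unexpected_attributes(unsafe).inspect}"
  puts safe
  puts "unexpected attributes: #{unexpected_attributes(safe).inspect}"
end
```

Run it as a script and the unsafe render shows `http-equiv` as an extra attribute, while the escaped render keeps the whole bio inside `content`. The same check can be pointed at a saved copy of a rendered profile page as a cheap regression test for this class of bug; in a Rails template the equivalent fix is to rely on the default auto-escaping of `<%= %>` rather than marking user text `html_safe`.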
Report Stats
  • Report ID: 159984
  • State: Closed
  • Substate: resolved
  • Upvotes: 10