The host is installed with GitLab CE/EE 15.3 before 15.7.8, 15.8 before 15.8.4 or 15.9 before 15.9.2 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in the title field of work items. Successful exploitation allows attackers to perform arbitrary actions on behalf of victims at client side.