The host is installed with GitLab CE/EE 15.2 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in the external status checks feature. Successful exploitation could lead to a stored XSS that allows attackers to perform arbitrary actions on behalf of victims at client side.