The host is installed with GitLab EE 14.5 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in GitLab EE's external issue tracker. Successful exploitation could allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link.