GitLab patched a high-severity vulnerability that unauthenticatedĀ attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. […]

from https://www.bleepingcomputer.com/news/security/high-severity-gitlab-flaw-lets-attackers-take-over-accounts/