The host is installed with GitLab EE 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, or 15.0 prior to 15.0.1 and is prone to a stored cross-site scripting vulnerability. A flaw is present in the application, which fails to handle specially crafted Jira Issues. Successful exploitation allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.