The host is installed with GitLab CE/EE 5.1 before 15.9.6, 15.10 before 15.10.5, 15.11 before 15.11.1 and is prone to a cross-site request forgery vulnerability. A flaw is present in the application, which fails to properly handle specific circumstances. Successful exploitation allows attackers to render as HTML, when viewing an XML file in a repository in "raw" mode.