@AbdulWasayGaanja reported a persistent XSS vulnerability that existed in a repository’s file finder view. If an attacker created a file in a repository with a name that contained HTML markup, the unescaped HTML was used when the file finder view was accessed.

While exploitation of this vulnerability was prevented by our use of CSP, we still took the threat seriously. We addressed the behavior by properly escaping filenames in the file finder.
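The bug class and its fix, as an added sketch that is not the project's own code: a hypothetical file finder row renderer that highlights fuzzy-matched characters, once copying the raw filename into markup and once escaping it. All function names and the sample filename are assumptions constructed for this example.

```javascript
// Added illustration; function names and file names are constructed for this example.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Case-insensitive subsequence match over code points.
// Returns the indices in `chars` matched by `query`, or null when there is no match.
function fuzzyMatch(chars, query) {
  const needle = Array.from(query.toLowerCase());
  const hits = [];
  for (let i = 0; i < chars.length && hits.length < needle.length; i++) {
    if (chars[i].toLowerCase() === needle[hits.length]) hits.push(i);
  }
  return hits.length === needle.length ? hits : null;
}

// Shared row builder: `encode` decides how each filename character reaches the markup.
function renderRow(name, query, encode) {
  const chars = Array.from(name);
  const hits = new Set(fuzzyMatch(chars, query) || []);
  const body = chars
    .map((ch, i) => (hits.has(i) ? "<mark>" + encode(ch) + "</mark>" : encode(ch)))
    .join("");
  return "<li>" + body + "</li>";
}

// Vulnerable: filename characters are copied into the HTML string as-is.
const renderRowUnsafe = (name, query) => renderRow(name, query, (ch) => ch);

// Hardened: matching runs on the raw name so indices stay correct, and each
// character is escaped only at the moment it is written into markup.
const renderRowSafe = (name, query) => renderRow(name, query, escapeHtml);

const sample = "<img src=x>.txt"; // constructed filename containing HTML markup
console.log(renderRowUnsafe(sample, "txt"));
console.log(renderRowSafe(sample, "txt"));
```

Escaping the whole name before matching would shift the highlight indices (`<` becomes four characters), which is why the hardened version escapes per character at output time.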