An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/