An issue exists in GitLab Community and Enterprise Edition 10.5 up to and including 12.4 in link validation for RDoc wiki pages feature. It has XSS.
gitlab gitlab