Persistent XSS in Label and Milestone dropdowns
H1 disclosure:
https://hackerone.com/reports/131792
Only applies to 8.7 and 8.6.