mediawiki is vulnerable to cross-site scripting (XSS). The vulnerability exists as Language::translateBlockExpiry
itself does not escape in all code paths.
lists.debian.org/debian-lts-announce/2020/12/msg00034.html
lists.fedoraproject.org/archives/list/[email protected]/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html
phabricator.wikimedia.org/T268938
security-tracker.debian.org/tracker/CVE-2020-35479
www.debian.org/security/2020/dsa-4816