wiki is vulnerable to cross-site scripting. The vulnerability exists because the library does not properly escape the HTML in the notification’s title, allowing an attacker with access to the edit page to inject and execute malicious javascript via the title
field.