Cross-site Scripting (XSS)
mediawiki/core is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the $date variable in the render function of FullSearchResultWidget.php as it does not properly escape the month-related MediaWiki messages before being used on the Special: Searc...