MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded,...