An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.
{ "cpes": [ "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" ], "severity": "Medium" }