Updates are available for the I18nTags extension to fix an XSS
vulnerability [1].
The XSS vulnerability is exploitable by all users who can edit pages.
The stored XSS is executed by anyone viewing an affected page. It is
recommended to clear the parser cache after updating. All versions
older than 2018-08-06 are affected.
If you are running I18nTags, please update to the latest code from git
or download updated snapshots for release versions 1.27, 1.30, 1.31 or
git master from [2].
Many thanks to Kevin Israel for finding the XSS vulnerability.
[1]
https://phabricator.wikimedia.org/T200973
[2]
https://www.mediawiki.org/wiki/Special:ExtensionDistributor/I18nTags
-Niklas