Wikibase
+ (T339111, CVE-2023-37302) - Style injection into badges on Wikidata due
to
unescaped quotes.
<https://gerrit.wikimedia.org/r/c/933649>
It should be noted that the description of this issue is incorrect. It is
an XSS not just a style injection.
--
bawolff