The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. Reference: https://gerrit.wikimedia.org/r/q/I58d37fb59f998f5bec4a018bf9da96a777f8ff78 https://phabricator.wikimedia.org/T293556
Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 2048949]
Please stop opening these bugs. These are against extensions that are NOT shipped in the mediawiki package.