Continuous integration/Phan/phan-taint-check-plugin/Security issues found
This is a list of exploitable issues found by phan-taint-check. Only counting things that are likely to be exploitable by a low privledge user (AKA real vulnerabilities, not just raw html messages).
- https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/GoogleDocTag/+/456820/
- https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/YotpoReviews/+/456892
- Found an SQLi in Extension:Reflect, the extension was obsolete/broken anyways, so it was archived (phab:T201107)
- https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/SportsTeams/+/459247/
- Possible XSS (unclear) in Wikimedia deployed extension https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OpenStackManager/+/459640/