I think that history pages in MariaDB Knowledge Base have a cross-site scripting vulnerability because special characters contained in link texts and revision comments are not escaped. For example, this page: https://mariadb.com/kb/en/meta/editing-help/creole-formatting/+history -- 100の人