Continuous integration/Phan/phan-taint-check-plugin/Security issues found

This is a list of exploitable issues found by phan-taint-check. Only counting things that are likely to be exploitable by a low privledge user (AKA real vulnerabilities, not just raw html messages).


 * https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/GoogleDocTag/+/456820/
 * https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/YotpoReviews/+/456892
 * Found an SQLi in Extension:Reflect, the extension was obsolete/broken anyways, so it was archived (T201107)
 * https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/SportsTeams/+/459247/
 * Possible XSS (unclear) in Wikimedia deployed extension https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OpenStackManager/+/459640/