Category:Extensions with XSS vulnerabilities

These extensions are known to contain cross-site scripting vulnerabilities, which expose users to malicious client code injection that could be used to, among other things, hijack user accounts or expose cookies to foreign domains.

It is advised that these are not used on a public, production wiki until the issues are addressed.

To add an extension to this list, tag it with XSS alert.