Thread:KockaAdmiralac/@comment-3974211-20200116003856/@comment-27345308-20200117003922

Hey, I know, I spotted that XSS vulnerability after Sophie pointed me to Ninjamask's question in the official server. I provided Rappy with the wikitext to reproduce the vulnerability and he has then disabled the script. The JavaScript review team has unfortunately been missing security issues such as these quite often in past and one of my current tasks is to efficiently lookup and report these kinds of security holes.

Anyways, I have now rewritten the script to be secure and you can find it in my common.js over there. As far as I've tested everything else should work the same, but do tell me if you encounter issues with it. If everything works fine, please update the script on all other wikis that use it. These are LevelSelect scripts I can find cross-wiki through my old-ish JavaScript dump: Not all of them are vulnerable, but it would be great if you could get them all up-to-date.
 * w:c:de.leagueoflegends:MediaWiki:LevelSelect.js
 * w:c:de.leagueoflegends:MediaWiki:LevelSelect2.js
 * w:c:es.leagueoflegends:MediaWiki:Common.js/levelselect.js
 * w:c:es.leagueoflegends:MediaWiki:Common.js/levelselect2.js
 * w:c:es.pruebasdesigns:MediaWiki:Common.js/levelselect.js
 * w:c:it.leagueoflegends:MediaWiki:Common.js/levelselect.js
 * w:c:it.leagueoflegends:MediaWiki:Common.js/levelselect2.js
 * w:c:leagueoflegends:MediaWiki:Common.js/levelselect.js
 * w:c:ru.leagueoflegends:MediaWiki:Levelselect2.js
 * w:c:tr.leagueoflegends:MediaWiki:Common.js/levelselect.js
 * w:c:tr.leagueoflegends:MediaWiki:Common.js/levelselect2.js

Cheers!