It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped. The oldstable distribution is not affected.