CategoryTree also has some potentially false positives from the new version:
./includes/CategoryTreeHooks.php:113 SecurityCheck-XSS Outputting user controlled HTML from Parser function hook \CategoryTreeHooks::parserFunction (Caused by: ./includes/CategoryTreeHooks.php +112) ./includes/CategoryTreeHooks.php:168 SecurityCheck-XSS Outputting user controlled HTML from Parser tag hook \CategoryTreeHooks::parserHook (Caused by: ./includes/CategoryTree.php +386; ./includes/CategoryTreeHooks.php +144; ./includes/CategoryTreeHooks.php +155) ./includes/CategoryTreePage.php:119 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \CategoryTreePage::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CategoryTree.php +556)