When I try to confirm the e-mail address for my account [[de:Benutzer:X" onclick="alert('XSS');" title="y]] I always get:
Wikipedia could not send your confirmation mail. Please check your e-mail address for invalid characters.
Mailer returned: Unknown error in PHP's mail() function
I tried it with different mail addresses (including the one I'm using here and the one for my main account, which I could confirm without problem), so it's probably not the mail address but the user name that makes problems.