It looks like the "uselang" parameter is vulnerable to simple reflective XSS attacks.
Fortunately, all modern browsers refuse to run JavaScript they see in the URL, but there is a constant stream of ways around that protection.
http://en.wikipedia.org/wiki/Main_Page?uselang=a%27%20onmouseover=eval(alert(1))%20e=%27
It looks like we use the uselang parameter in several single-quoted strings, but don't escape single quotes in it.
Version: unspecified
Severity: major
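The quoting problem described in the report, as an added example that is not part of the original report or the project's code: the reported `uselang` value is placed into a single-quoted attribute unescaped, escaped, and validated, and an HTML parser shows which attributes a browser-like parser would see. The `<html lang='...'>` template, the function names and the language-code pattern are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# uselang value copied from the URL in the report, still percent-encoded.
REPORTED = "a%27%20onmouseover=eval(alert(1))%20e=%27"

def render_vulnerable(uselang):
    # Assumed template shape: value dropped into a single-quoted attribute as-is.
    return "<html lang='" + uselang + "'>"

def render_escaped(uselang):
    # quote=True encodes ' as &#x27; (and " & < >), so the value cannot close the quote.
    return "<html lang='" + escape(uselang, quote=True) + "'>"

# Assumed allowlist shape for language codes such as "de" or "zh-hans".
LANG_CODE = re.compile(r"[a-z]{2,3}(-[a-z0-9]{2,8})*")

def render_validated(uselang, default="en"):
    # Reject anything that is not a plausible language code, then still escape.
    code = uselang if LANG_CODE.fullmatch(uselang) else default
    return render_escaped(code)

class AttrCollector(HTMLParser):
    """Collects the attributes of every start tag it sees."""
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.attrs.update(attrs)

def parsed_attrs(markup):
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs

if __name__ == "__main__":
    payload = unquote(REPORTED)
    for render in (render_vulnerable, render_escaped, render_validated):
        markup = render(payload)
        print(render.__name__, markup, sorted(parsed_attrs(markup)), sep="\n  ")
```

Only the unescaped rendering yields an `onmouseover` attribute; in the escaped rendering the whole value stays inside `lang`.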