Writ Keeper

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.18.5 MediaWiki versions 1.19.x prior to 1.19.2 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. This occurs when an attacker crafts a link that appears to be a legitimate image file but actually contains malicious code. Recommendations: For MediaWiki versions prior to 1.18.5, update to version 1.18.5 or later. For MediaWiki versions 1.19.x prior to 1.19.2, update to version 1.19.2 or later.