Wikimedia · Mediawiki · CVE-2010-1647
**Name of the Vulnerable Software and Affected Versions**
MediaWiki versions 1.15 before 1.15.4
MediaWiki versions 1.16 before 1.16 beta 3
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
**Recommendations**
For MediaWiki versions 1.15 before 1.15.4, update to version 1.15.4 or later.
For MediaWiki versions 1.16 before 1.16 beta 3, update to version 1.16 beta 3 or later.