Moshe Bar

Researcher from BugSec
#39944 of 53,632
6.8 Total CVSS
Vulnerabilities · 1
PT-2007-2483
6.8
2007-02-21
Wikimedia · Mediawiki · CVE-2007-1055
Name of the Vulnerable Software and Affected Versions:
MediaWiki versions 1.8.2 and earlier
MediaWiki versions 1.9.x before 1.9.0rc2

Description: The issue is related to a cross-site scripting (XSS) vulnerability in the AJAX features of the index.php file. This allows remote attackers to inject arbitrary web script or HTML via the `rs` parameter.

Recommendations:
For MediaWiki versions 1.8.2 and earlier, update to a version later than 1.8.2 to resolve the issue.
For MediaWiki versions 1.9.x before 1.9.0rc2, update to version 1.9.0rc2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `rs` parameter in the affected AJAX features until a patch is available.