Wikimedia · Mediawiki · CVE-2006-2611
**Name of the Vulnerable Software and Affected Versions**
MediaWiki versions 1.6.x before r14349
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary Javascript. The issue involves the variable handler in the includes/Sanitizer.php file, possibly through the usage of the | (pipe) character.
**Recommendations**
For MediaWiki versions 1.6.x before r14349, update to a version that includes the fix for this issue, specifically a version after r14349. As a temporary workaround, consider restricting the usage of the | (pipe) character in user input to minimize the risk of exploitation.