CVE-2006-2611

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.6.x before r14349

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary Javascript. The issue involves the variable handler in the includes/Sanitizer.php file, possibly through the usage of the | (pipe) character.

Recommendations For MediaWiki versions 1.6.x before r14349, update to a version that includes the fix for this issue, specifically a version after r14349. As a temporary workaround, consider restricting the usage of the | (pipe) character in user input to minimize the risk of exploitation.