CVE-2007-1054

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.6.x through 1.9.2

Description: A cross-site scripting (XSS) issue exists in the AJAX features of index.php, allowing remote attackers to inject arbitrary web script or HTML. This occurs when $wgUseAjax is enabled and a UTF-7 encoded value of the rs parameter is processed by Internet Explorer.

Recommendations: For MediaWiki versions 1.6.x through 1.9.2, consider disabling the $wgUseAjax feature until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the index.php file to minimize the risk of arbitrary web script or HTML injection. Avoid using the rs parameter in the affected AJAX endpoint until the issue is resolved.