CVE-2010-2788

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.15.5

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This occurs via the filter parameter when wgEnableProfileInfo is enabled.

Recommendations For versions prior to 1.15.5, update to version 1.15.5 or later to resolve the issue. As a temporary workaround, consider disabling wgEnableProfileInfo until a patch is available. Avoid using the filter parameter in the affected profileinfo.php file until the issue is resolved.