Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
osvdb.org/31525
secunia.com/advisories/23647
secunia.com/advisories/24889
sourceforge.net/forum/forum.php?forum_id=652721
svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES
svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES
svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES
www.novell.com/linux/security/advisories/2007_6_sr.html
www.securityfocus.com/bid/21956
www.vupen.com/english/advisories/2007/0096
exchange.xforce.ibmcloud.com/vulnerabilities/31359