Debian Security Advisory DSA 2957-1 (mediawiki - security update)
Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid usernames on Special:PasswordReset as wikitext when $wgRawHtml is enabled. On such wikis this allows an unauthenticated attacker to insert malicious JavaScript, a cross site scripting attack. OpenVAS Vulnerability Test $Id:...