Cross-Site Scripting (XSS)
mediawiki is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the label messages ChangesList special pages such as Special:RecentChanges and Special:Watchlist...