Description
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.
Remediation
References
Related Vulnerabilities
WordPress Plugin Genesis Columns Advanced Cross-Site Scripting (2.0.3)
WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3)
WordPress Plugin Tickera-WordPress Event Ticketing Cross-Site Request Forgery (3.4.9.9)
WordPress Incorrect Default Permissions Vulnerability (CVE-2011-1762)