Description
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
Remediation
References
Related Vulnerabilities
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17)
WordPress Plugin Email Log Cross-Site Scripting (2.4.7)
WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1)
WordPress Plugin SP Rental Manager SQL Injection (1.5.3)
ReviveAdserver 7PK - Security Features Vulnerability (CVE-2016-9470)