MediaWiki upstream has released:
v1.16.0 and v.1.15.5 versions of MediaWiki, addressing the following XSS flaw (from ):
A cross-site scripting (XSS) vulnerability was discovered in
profileinfo.php. The vulnerability is only exposed when the script is
explicitly enabled in LocalSettings.php, with $wgEnableProfileInfo = true.
This issue affects the versions of the mediawiki package, as shipped
with Fedora release of 12 and 13.
Created mediawiki tracking bugs for this issue
Affects: fedora-all [bug 620226]