Mediawiki 1.17.5, 1.18.4, and 1.19.1 were released today to fix a XSS vulnerability in the useland http parameter [1]. [1] https://bugzilla.wikimedia.org/show_bug.cgi?id=36938 While 1.16.x isn't explicitly mentioned (and is what is currently shipping in Fedora), the liklihood of it being affected is high. It is also really old and out-of-date, so it might be prudent to update to one of the supported versions.
Created mediawiki tracking bugs for this issue Affects: fedora-all [bug 831879]
Created mediawiki116 tracking bugs for this issue Affects: epel-all [bug 831880]
Added CVE as per http://www.openwall.com/lists/oss-security/2012/06/14/2