The MediaWiki 1.22.6 and 1.21.9 releases fix a cross-site scripting issue. Viewing a malicious page with action=info could lead to arbitrary web script execution in the context of the victim's session. This issue does not appear to affect any version in EPEL. References: http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html https://bugzilla.wikimedia.org/show_bug.cgi?id=63251 https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6
Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 1091969]