MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2013-6452

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10 1.2x before 1.21.4 and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.