MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-8622

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12 1.24.x before 1.24.5 1.25.x before 1.25.4 and 1.26.x before 1.26.1 when is configured with a relative URL allows remote authenticated users to inject arbitrary web script or HTML via wikitext as demonstrated by a wikilink to a page named quotjavascript:alert(39XSS39).quot