MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki 1.37 and earlier versions. The vulnerability stems from the fact that the action field is not fully escaped and filtered for user input, which allows attackers to conduct cross-site scripting attacks through this vulnerability.