Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka “CSS injection vulnerability.”
lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
osvdb.org/70770
secunia.com/advisories/43142
www.securityfocus.com/bid/46108
www.vupen.com/english/advisories/2011/0273
bugzilla.wikimedia.org/show_bug.cgi?id=27093
exchange.xforce.ibmcloud.com/vulnerabilities/65126