CVE-2005-3165 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) math tags or (2) Extension or nowiki sections that \bypass HTML style attribute restrictions\ that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

Reference

http://lwn.net/Articles/153906/ http://secunia.com/advisories/16932 http://sourceforge.net/project/shownotes.php?release_id=352777