CVE-2015-8006 Information

Description

Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title.

Reference

http://www.securitytracker.com/id/1034028 https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html https://phabricator.wikimedia.org/T111029