Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/36558
https://bugzilla.redhat.com/show_bug.cgi?id=287881
http://www.vupen.com/english/advisories/2007/3130
http://www.securityfocus.com/bid/25632
http://secunia.com/advisories/26870
http://secunia.com/advisories/26772
http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html