Launchpad.net

CVE 2006-1498

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.

See the CVE page on Mitre.org for more details.

References