Debian Linux Security Advisory 2596-1 - Thorsten Glaser discovered that the RSSReader extension for mediawiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the mediawiki pages.
79eaf44e7b6a8917207a8d8381616b357b2d89121c8130a3ba8f445f8ae2b581