I am facing an issue wherein cross-site scripting validation is possible: with a malicious XSS regex placed, the load.php file goes ahead and parses the same. I faced this issue while security testing a MediaWiki instance.
MediaWiki: 1.18.2, PHP: 5.3, DB: PostgreSQL 9.2
Please find the screenshot below:
For policy and network restriction reasons, I cannot share the wiki itself, as I have not yet secured permission from the client for hosting it on the internet.