Thread:Project:Support desk/Cross-site scripting on entry points

I am facing an issue wherein cross-site scripting validation is possible: with a malicious XSS regex placed, the load.php file goes ahead and parses the same. I faced this issue while security testing a MediaWiki instance.

MediaWiki: 1.18.2; PHP: 5.3; DB: PostgreSQL 9.2

Please find the screenshot below:

For policy and network restriction reasons, I cannot share the wiki itself, as I have not yet secured permission from the client for hosting the same on the internet.