Thread:Project:Support desk/MediaWiki Version 1.13.3 as Enterprise Wiki?/reply (3)

Even if it is an intranet-only wiki, it is still potentially vulnerable since the browser likely doesn't know the difference (in that JavaScript could trigger a request to http://wiki.lan from any domain).