Author: bugzilla
Description:
It looks like bug #28534 was re-introduced in MediaWiki 1.21.1.
Test URL: http://ossdepot.v-front.de/wiki/api%2Ephp?action=query&meta=siteinfo&format=json&siprop=%3Cbody%20onload=alert(document.cookie)%3E.shtml (This is a fresh 1.21.1 installation).
This was detected by a security scan via scanmyserver.com and confirmed by their support.
Version: unspecified
Severity: normal
URL: http://ossdepot.v-front.de/wiki/api%2Ephp?action=query&meta=siteinfo&format=json&siprop=%3Cbody%20onload=alert(document.cookie)%3E.shtml
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=28534