MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability

Summary
This host is running MediaWiki and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application
Solution
Upgrade to MediaWiki versions 1.16.0 or 1.15.5. For updates refer to http://www.mediawiki.org/wiki/Download
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'filter' parameter to profileinfo.php, which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
MediaWiki versions before 1.15.5
References