LWN.net

mediawiki: multiple vulnerabilities

Package(s): mediawiki
CVE #(s): CVE-2008-5249 CVE-2008-5250 CVE-2008-5252 CVE-2008-5687 CVE-2008-5688
Created: December 24, 2008
Updated: October 5, 2009
Description:

From the Red Hat bugzilla:

* An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and 1.13.2. [CVE-2008-5249]

* A local script injection vulnerability affecting Internet Explorer clients for all MediaWiki installations with uploads enabled. [CVE-2008-5250]

* A local script injection vulnerability affecting clients with SVG scripting capability (such as Firefox 1.5+), for all MediaWiki installations with SVG uploads enabled. [CVE-2008-5250]

* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki installations since the feature was introduced in 1.3.0. [CVE-2008-5252]

CVE-2008-5687: MediaWiki 1.11 through 1.13.3 does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

CVE-2008-5688: MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.

Alerts:
Debian DSA-1901-1 2009-10-05
SuSE SUSE-SR:2009:004 2009-02-17
Fedora FEDORA-2008-11802 2008-12-24
Fedora FEDORA-2008-11743 2008-12-24
Fedora FEDORA-2008-11688 2008-12-24

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds