there's a persistent cross site scripting vulnerability affecting mediawiki when SVG file is uploaded to mediawiki.
I have uploaded a POC svg file
steps to reproduce are simple
- log in mediawiki
- visit /index.php/Special:Upload
- upload the poc.svg.
- once uploaded, visit the file.
- see the alert message.