It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash and clickjacking between OutputPage and ParserOutput . The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.