Last modified: 2006-05-23 04:16:56 UTC
(copied from email) Hi All, Second MediaWiki 1.6.5 JavaScript Execution Vulnerability in the Parser. Unlike the previous one, this one affects the live Wikipedia too (i.e. tidy does not prevent it). Vuln is here: http://nickj.org/MediaWiki/Parser25 And also on the wikipedia here: http://en.wikipedia.org/wiki/User:Nickj/JS-vuln-2 And the full list of Parser problems is here: http://nickj.org/MediaWiki (Anything with yellow or red in the "Security aspects?" column is a potential or actual JS execution problem, respectively; everything else is an HTML validation problem). All the best, Nick.
Fixed on trunk in r14349.