Hi All,
Second MediaWiki 1.6.5 JavaScript Execution Vulnerability in the Parser.
Unlike the previous one, this one affects the live Wikipedia too (i.e. tidy does not prevent it).
Vuln is here: http://nickj.org/MediaWiki/Parser25 And also on the wikipedia here: http://en.wikipedia.org/wiki/User:Nickj/JS-vuln-2
And the full list of Parser problems is here: http://nickj.org/MediaWiki (Anything with yellow or red in the "Security aspects?" column is a potential or actual JS execution problem, respectively; everything else is an HTML validation problem).
All the best, Nick.