Hi All,
Second MediaWiki 1.6.5 JavaScript Execution Vulnerability in the Parser.
Unlike the previous one, this one affects the live Wikipedia too (i.e.
tidy does not prevent it).
Vuln is here:
http://nickj.org/MediaWiki/Parser25
And also on the wikipedia here:
http://en.wikipedia.org/wiki/User:Nickj/JS-vuln-2
And the full list of Parser problems is here:
http://nickj.org/MediaWiki
(Anything with yellow or red in the "Security aspects?" column is a
potential or actual JS execution problem, respectively; everything
else is an HTML validation problem).
All the best,
Nick.