Hi All,
There's a MediaWiki client-side JavaScript execution vulnerability here: http://nickj.org/MediaWiki/Parser24 (Just move your cursor over the underlined text - if you see a popup dialog box, then there's a problem).
Affects MediaWiki 1.6.5 (current stable). Also happens in 1.6.1, so probably sensible to assume 1.6.x <= 1.6.5 is affected.
All the best, Nick.
Please report security problems by private mail if possible so we can prepare a fix for the public before release. Thanks.
-- brion vibber (brion @ pobox.com)
wikitech-l@lists.wikimedia.org