Hi All, There's a MediaWiki client-side JavaScript execution vulnerability here: http://nickj.org/MediaWiki/Parser24 (Just move your cursor over the underlined text - if you see a popup dialog box, then there's a problem). Affects MediaWiki 1.6.5 (current stable). Also happens in 1.6.1, so probably sensible to assume 1.6.x <= 1.6.5 is affected. All the best, Nick.