Nick Jenkins wrote:
There is a mouseover user-specified JavaScript
execution vulnerability
affecting MediaWiki 1.6.6 when running with two specific extensions.
Specifically this is with the experimental <sort> extension. Nobody should be
using that one just yet, as it's still under development.
-- brion vibber (brion @
pobox.com)