Hi All,
There is a mouseover user-specified JavaScript execution vulnerability
affecting MediaWiki 1.6.6 when running with two specific extensions.
One of those extension is installed on the Wikipedia, but the other is
not. Therefore the Wikipedia (and most MediaWiki installations) are
not affected.
Details have been provided to security(a)wikimedia.org as per the
instructions at:
http://www.mediawiki.org/wiki/Security , and will be
made public in due course at:
http://nickj.org/MediaWiki
All the best,
Nick.