Andy Webber of Oracle's Ethical Hacking Team discovered an XSS vulnerability in the Box plugin. A new version of the plugin is now available:
http://dokuwiki.jalakai.co.uk/index.html

Details of the fix can be found at http://wiki.splitbrain.org/plugin:boxes#security_fix_2

The update to the box plugin includes more than the patch for this issue.

- fix XSS vulnerability
- adds box colours to the syntax.
- fixes a problem whereby the box plugin would introduce a <P> at the start of the box contents (thanks to Bernd Zeimetz for discovering the problem and Stefan Kuchling for providing a patch).

--Chris

--
DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist