Hi all! A problem in DokuWiki was discovered which let's malicious users to add arbitrary HTML or JavaScript into Wiki pages. An attacker could use this vulnerability to steal user cookies, redirect users to malicious pages or simply destroy the design of a page. The insert is possible because of a missing validation in handling email-, windowsshare- and external link syntax. Because DokuWiki's user cookies are encrypted, the risk is relative low but I recommend to fix these problems as soon as possible in your installations. The downloadable archive of release 2006-09-22 available at http://www.splitbrain.org/go/dokuwiki was updated to incorporate the needed fixes. Alternativly you can follow the instructions at http://bugs.splitbrain.org/?do=details&id=595 to fix the problems your self. Developers can upgrade via darcs of course. Regards Andi