Hello, Am Dienstag, 11. März 2008 schrieb Andreas Gohr: > Here is an example of a plugin page with a marked security problem: > http://wiki.splitbrain.org/plugin:dailymotion I am just a beginner with PHP and tried to find the XSS vulnerability here. Is it really XSS than can be used from outside without write access to the wiki page (by attaching some argument to the address)? Or is it something "only" a user of the wiki can utilise? If it is the latter, I think all (or most of the) plugins that embed some media files / player from other sites (like youtube, slideshare, etc.) are vulnerable, too. Yours Uwe Koloska -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist