Secunia Research has discovered a vulnerability in DokuWiki, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "ns" POST parameter in lib/exe/ajax.php (when "call"
is set to "medialist" and "do" is set to "media") is not properly
sanitised within the "tpl_mediaFileList()" function in inc/template.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.