Compass Security discovered an XSS vulnerability in DokuWiki's spellchecker backend.
Affected are all versions up to and including 2007-06-26 even when the spell checker is disabled.
A new updated release 2007-06-26b was made available at http://www.splitbrain.org/go/dokuwiki
You may fix the problem yourself by replacing the spell_utf8test() function in lib/exe/spellcheck.php with the following code:
If you fix it yourself you should increase the number in conf/msg to 10 for disabling update notification for this issue.