Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.
Gentoo Linux Security Advisory 201301-7 - Multiple vulnerabilities were found in DokuWiki, the worst of which leading to privilege escalation. Versions less than 20121013 are affected.