From the upstream advisory at $URL:

Attack Vectors
Attack can be done by viewing wiki pages or by logging in by issuing HTTP GET requests towards the TWiki server (usually port 80/TCP).

Impact
Specially crafted parameters open up XSS (Cross-Site Scripting) attacks.

Severity Level
The TWiki SecurityTeam triaged this issue as documented in TWikiSecurityAlertProcess and assigned the following severity level:
* Severity 3 issue: TWiki content or browser is compromised.

There is a new release available, and a patch at $URL.
CVE-2011-1838 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1838): Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
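A defender-side check for the requests described above, as an added example that is not part of this bug thread or of TWiki: it scans access-log lines for `origurl` values carrying markup on the view and login scripts. The log lines are constructed, and the `/bin/` script path and the combined log format are assumptions about the installation.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Scripts named in CVE-2011-1838; the bin/ prefix is an assumed install layout.
SCRIPT_RE = re.compile(r'/bin/(?:view|login)(?:/|$)')
# Markup characters and script schemes have no place in a return-URL value.
SUSPICIOUS_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)

# Constructed sample log lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2011:10:00:00 +0000] "GET /twiki/bin/view/Main/WebHome HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/May/2011:10:00:05 +0000] "GET /twiki/bin/login/Main/WebHome?origurl=/twiki/bin/view/Main/WebHome HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/May/2011:10:00:09 +0000] "GET /twiki/bin/login/Main/WebHome?origurl=%22%3E%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 2101',
    '192.0.2.13 - - [01/May/2011:10:00:12 +0000] "GET /twiki/bin/view/Main/WebHome?origurl=%2522%253Cb%253E HTTP/1.1" 200 5133',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_origurl(log_line):
    """Return the decoded origurl value if it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group('target'))
    if not SCRIPT_RE.search(url.path):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if name == 'origurl' and SUSPICIOUS_RE.search(decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    results = ((n, suspicious_origurl(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in results if v is not None]
```

A hit only indicates a probe or attempt in the logs; whether it had any effect depends on whether the server was running a TWiki release before 5.0.2.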
package has been removed from tree
(In reply to comment #2)
> package has been removed from tree

Thanks. Closing noglsa since twiki was only ever ~arch.