From Secunia security advisory at $URL:

Description:

1) Input passed to the "newtopic" parameter in bin/view/Main/Jump (when "template" is set to "WebCreateNewTopic") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the URL to pages containing a slideshow presentation using the SlideShowPlugin is not properly sanitised in lib/TWiki/Plugins/SlideShowPlugin/SlideShow.pm before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 5.0.2. Prior versions may also be affected.

Solution: Update to version 5.1.0.

Original Advisory: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010
CVE-2011-3010 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3010): Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
package has been removed from tree
(In reply to comment #2)
> package has been removed from tree

Thanks. Closing noglsa since twiki was only ever ~arch.