Input passed via the Organization field when registering or editing a user is not properly sanitized before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 5.1.1. Other versions may also be affected. Original Advisory: http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html
package has been removed from tree
(In reply to comment #1) > package has been removed from tree Thanks. Closing noglsa since twiki was only ever ~arch.