CVE-2011-3010

Name of the Vulnerable Software and Affected Versions TWiki versions prior to 5.1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic, or the query string to SlideShow.pm in the SlideShowPlugin.

Recommendations For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebCreateNewTopic action and the SlideShowPlugin to minimize the risk of exploitation. Avoid using the newtopic parameter in the WebCreateNewTopic action until the issue is resolved.