Red Hat Bugzilla – Bug 231729
trac < 0.10.3.1 XSS
Last modified: 2007-11-30 17:11:58 EST
"The vulnerability is caused due to an error within the "download wiki page as
text" function, which can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site. Successful
exploitation may require that the victim uses IE."
Based on version numbers, all FE5+ releases are affected.
(No CVE id yet AFAIK)
I've updated trac in CVS to 0.10.3.1 and submitted builds, but the packages
haven't been pushed out to the mirrors yet.