http://secunia.com/advisories/24470 http://trac.edgewall.org/wiki/ChangeLog#a0.10.3.1 "The vulnerability is caused due to an error within the "download wiki page as text" function, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation may require that the victim uses IE." Based on version numbers, all FE5+ releases affected. (No CVE id yet AFAIK)
I've updated trac in CVS to 0.10.3.1 and submitted builds, but the packages haven't been pushed out to the mirrors yet.