"The vulnerability is caused due to an error within the "download wiki page as
text" function, which can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site. Successful
exploitation may require that the victim uses IE."
Based on version numbers, all FE5+ releases affected.
(No CVE id yet AFAIK)
I've updated trac in CVS to 0.10.3.1 and submitted builds, but the packages
haven't been pushed out to the mirrors yet.