TWiki Cross-Site Scripting and Command Injection Vulnerabilities

Versions of TWiki earlier than 4.2.4 are vulnerable to code execution
due to improper data filtering.

We recommend updating to the latest version of TWiki, currently 4.3.

Note that this is a Priority 1, Severity 1 issue.

Priority 1: This vulnerability is the most severe. It is actively being
exploited, or exploitation is imminent. Other outside businesses or
schools are actively being exploited.

Severity 1: This vulnerability is the most severe. It poses high risk to
other groups/schools or to the Institute as a whole. It may also be a
vulnerability that puts the image of the Institute at risk.

One way to mitigate this risk until you can upgrade is to turn off
TWiki, disable your web service, or shut down your web server.

We can also block your server at the firewall upon request.