TWiki 2.4.2 closes two security holes
Version 2.4.2 of the popular TWiki software for creating and managing structured wikis corrects two security-related issues among other flaws. One potentially allows unauthorised users to slip the web server arbitrary shell commands via the search feature. The other is a cross-site scripting hole that allows attackers to embed arbitrary JavaScript code into displayed web pages.
(trk)