packetstorm | Jiawang Zhang | PACKETSTORM:151028
History: Jan 07, 2019 - 12:00 a.m.

TWiki 6.0.2 Cross Site Scripting

packetstormsecurity.com

EPSS: 0.001 (percentile: 43.7%)

`# bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter (CVE-2018-20212)  
  
  
## Vulnerability Type  
Cross Site Scripting (XSS)  
  
  
## Vendor of Product:  
twiki  
  
  
## Affected Product Version  
twiki - 6.0.2  
  
  
## Affected Component  
twiki/bin/statistics  
  
  
## Attack Type  
Remote  
  
  
## Attack Vectors  
/twiki/bin/statistics?webs=<script>alert(1)</script>  
  
  
## Credit   
This vulnerability was discovered by Jiawang Zhang, Coordination Center of China (CNCERT/CC)  
  
  
## Product Download  
http://twiki.org/cgi-bin/view/Codev/DownloadTWiki  
  
  
## References  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20212  
  
`
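
A log-review check for the vector listed above, added here as an example (it is not part of the advisory or of TWiki): it flags requests to `bin/statistics` whose `webs` value is not a plain comma-separated list of web names. The web-name allowlist pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `webs` value is a comma-separated list of web names
# built from letters, digits and underscores, with "/" or "." between sub-webs.
WEB_NAME = re.compile(r"^[A-Za-z0-9_]+(?:[./][A-Za-z0-9_]+)*$")
# The statistics script, with an optional script suffix or trailing path info.
STATS_PATH = re.compile(r"/bin/statistics(?:\.\w+)?(?:/|$)")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_webs(url):
    """Return the `webs` values in url that are not plain web-name lists."""
    parts = urlsplit(url)
    if not STATS_PATH.search(parts.path):
        return []
    bad = []
    # parse_qs percent-decodes each value, so encoded markup is seen decoded.
    for value in parse_qs(parts.query, keep_blank_values=True).get("webs", []):
        names = [n.strip() for n in value.split(",") if n.strip()]
        if not all(WEB_NAME.match(n) for n in names):
            bad.append(value)
    return bad


def scan(lines):
    """Return (line_number, offending_value) pairs for flagged log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, v) for v in suspicious_webs(match.group(1)))
    return hits


# Constructed sample entries (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jan/2019:10:00:01 +0000] "GET /twiki/bin/statistics?webs=Main,TWiki HTTP/1.1" 200 5120',
    '192.0.2.11 - - [07/Jan/2019:10:00:05 +0000] "GET /twiki/bin/statistics?webs=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5188',
    '192.0.2.12 - - [07/Jan/2019:10:00:09 +0000] "GET /twiki/bin/statistics?webs=<script>alert(1)</script> HTTP/1.1" 200 5188',
    '192.0.2.13 - - [07/Jan/2019:10:00:12 +0000] "GET /twiki/bin/view/Main/WebHome?webs=%3Cb%3E HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected webs value {value!r}")
```

The same allowlist can be applied server-side to reject such values before the script renders them.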
