4 matches found
CVE-2014-9367
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch...
CVE-2014-9367
TWiki 6.0.0 and 6.0.1 are affected by a cross-site scripting (XSS) vulnerability due to an incomplete blacklist in the urlEncode function of lib/TWiki.pm. The issue enables remote attackers to inject arbitrary script via a crafted scope parameter to do/view/TWiki/WebSearch. Impact is browser-exec...
TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity :...
TWiki 6.0.0 / 6.0.1 WebSearch Cross Site Scripting
This is an advisory for TWiki Administrators: A specially crafted URL parameter to the WebSearch topic may expose a cross-site scripting vulnerability. TWiki (http://twiki.org) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people. Vulnerable Software Version...