Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-12-31 13:59
Updated : 2015-01-02 17:28
NVD link : CVE-2014-9367
Mitre link : CVE-2014-9367
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
twiki
- twiki