First published: Wed Dec 31 2014(Updated: )
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Twiki Twiki | =6.0.0 | |
Twiki Twiki | =6.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.