Message-ID: <tencent_418188BE557704189AB11D01720601D85E08@qq.com>
Date: Thu, 3 Jan 2019 08:19:21 +0800
From: "zzt0907" <16362505@...com>
To: "fulldisclosure" <fulldisclosure@...lists.org>
Subject: [FD] /bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter(CVE-2018-20212)

# bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter (CVE-2018-20212)

## Vulnerability Type
Cross Site Scripting (XSS)

## Vendor of Product:
twiki

## Affected Product Version
twiki - 6.0.2

## Affected Component
twiki/bin/statistics

## Attack Type
Remote

## Attack Vectors
/twiki/bin/statistics?webs=<script>alert(1)</script>

## Credit
This vulnerability was discovered by Jiawang Zhang Coordination Center of China (CNCERT/CC)

## Product Download
http://twiki.org/cgi-bin/view/Codev/DownloadTWiki

## References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20212

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
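
Added example, not part of the original post or of TWiki: a log check that flags requests to `bin/statistics` whose decoded `webs` value is anything other than a plain list of web names. It assumes Apache-style access-log lines and that legitimate `webs` values are comma-separated web names; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `webs` value is a comma-separated list of web
# names (letters, digits, underscore, with "/" or "." for nested webs).
SAFE_WEBS = re.compile(r"[A-Za-z0-9_./]+(?:,[A-Za-z0-9_./]+)*")
# The affected component; a script suffix such as ".pl" is tolerated.
STATS_PATH = re.compile(r"/bin/statistics(?:\.[a-z]+)?$")
# Request line as it appears in Apache common/combined access logs.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_webs(log_line):
    """Return decoded `webs` values in this line that fail the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not STATS_PATH.search(url.path):
        return []
    # parse_qs percent-decodes once, as the server does. Anything still
    # carrying "%", "<", quotes, etc. after that is not a web name.
    values = parse_qs(url.query).get("webs", [])
    return [v for v in values if not SAFE_WEBS.fullmatch(v)]


def scan(lines):
    """Return (line_number, value) pairs for every flagged request."""
    hits = []
    for n, line in enumerate(lines, start=1):
        hits.extend((n, v) for v in suspicious_webs(line))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jan/2019:08:19:21 +0800] "GET /twiki/bin/statistics?webs=Main,Sandbox HTTP/1.1" 200 5120',
    '192.0.2.11 - - [03/Jan/2019:08:20:02 +0800] "GET /twiki/bin/statistics?webs=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5344',
    '192.0.2.12 - - [03/Jan/2019:08:21:40 +0800] "GET /twiki/bin/view/Main/WebHome?webs=%3Cb%3E HTTP/1.1" 200 9001',
    '192.0.2.13 - - [03/Jan/2019:08:22:15 +0800] "GET /twiki/bin/statistics?webs=Main%2522%253E HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: suspicious webs value {value!r}")
```

Because the check is an allowlist, it also flags double-encoded values (line 4 of the sample) without needing a list of known markup strings.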