TWiki Multiple Cross-Site Scripting Vulnerabilities - Jan15

Summary
This host is installed with TWiki and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Impact Level: Application
Solution
Update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325
Insight
Multiple errors exist as input related to 'QUERYSTRING' and 'QUERYPARAMSTRING' is not properly sanitised within lib/TWiki.pm and lib/TWiki/UI/View.pm before being returned to the user.
Affected
TWiki versions 6.0.1
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References