This host is installed with TWiki and is prone to cross-site scripting vulnerability.

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Impact Level: Application

Update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367

The error esists as /do/view/TWiki/WebSearch script does not validate input passed via the 'scope' parameter.

TWiki versions 6.0.0 and 6.0.1

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://osvdb.org/116113
• http://seclists.org/fulldisclosure/2014/Dec/82
• http://www.securityfocus.com/archive/1/534289
• http://www.securitytracker.com/id/1031400

---

Updated on 2017-03-28