CVE-2014-9367

Name of the Vulnerable Software and Affected Versions TWiki versions 6.0.0 through 6.0.1

Description The issue is related to an incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm. This allows remote attackers to conduct cross-site scripting (XSS) attacks via a single quote in the scope parameter to the "do/view/TWiki/WebSearch" endpoint.

Recommendations For TWiki versions 6.0.0 and 6.0.1, consider updating to a version that includes a fix for this issue, as no specific mitigation measures are provided in the input data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.