Researcher : Mesut Timur <mesut [at]
TWiki® is a flexible, powerful, and easy to use enterprise wiki, enterprise collaboration platform, and web application platform. It is a Structured Wiki, typically used to run a project development space, a document management system, a knowledge base, or any other groupware tool, on an intranet, extranet or the Internet.
Example PoC URL is as follows:
You can read the full article about Cross-Site Scripting (XSS) vulnerabilities here: /blog/web-security/cross-site-scripting-xss/
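The advisory does not reproduce the TWiki code path or the PoC parameter, so the following is an added, generic illustration of the vulnerability class rather than TWiki's own code: a page that reflects a query parameter into HTML without encoding, the same page with HTML entity encoding applied, and the crude reflection check a scanner performs to tell the two apart. The parameter name `q`, the handler functions and the payload are all constructed for this example.

```python
import html
from urllib.parse import parse_qs, quote

# Constructed payload for the example; it is not the advisory's PoC.
PAYLOAD = '<script>alert(1)</script>'


def render_vulnerable(query_string: str) -> str:
    """Reflect the (hypothetical) 'q' parameter into the page body unencoded.

    This is the pattern behind reflected XSS: attacker-controlled input is
    written into an HTML context as-is, so markup in it is parsed as markup.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    q = params.get("q", [""])[0]
    return f"<p>Results for: {q}</p>"


def render_fixed(query_string: str) -> str:
    """Same page, but the value is entity-encoded for the HTML text context.

    html.escape with quote=True also encodes ' and ", which matters when the
    same value is placed inside an attribute; the fix is context-specific,
    and encoding for one context does not make a value safe in another.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    q = params.get("q", [""])[0]
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


def reflects_unencoded(response_html: str, probe: str) -> bool:
    """Scanner-style check: does the probe come back byte-for-byte?

    If the exact probe string (containing < > " ') appears in the response,
    the application reflected it without encoding and XSS is likely.
    """
    return probe in response_html


def build_query(value: str) -> str:
    """URL-encode the value the way it would travel in a PoC URL."""
    return "q=" + quote(value, safe="")


if __name__ == "__main__":
    qs = build_query(PAYLOAD)
    print("vulnerable:", render_vulnerable(qs))
    print("fixed:     ", render_fixed(qs))
    print("reflected unencoded (vulnerable):", reflects_unencoded(render_vulnerable(qs), PAYLOAD))
    print("reflected unencoded (fixed):     ", reflects_unencoded(render_fixed(qs), PAYLOAD))
```

The reflection check is deliberately simple: a real scanner uses a unique marker per request and then inspects where in the DOM the marker landed (text, attribute, script, URL) before deciding which encoding would have been correct, which is why an "upgrade" remediation is preferable to a one-off filter.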
Upgrade to the latest TWiki version (5.1.0).
This issue was discovered during testing with Netsparker, Web Application Security Scanner (/netsparker/).