CVE-2018-20212 (twiki)

bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
Source: NIST