The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/33040 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305 http://www.securitytracker.com/alerts/2008/Dec/1021351.html http://www.securitytracker.com/alerts/2008/Dec/1021352.html https://www.it-isac.org/postings/cyber/alertdetail.php?id=4513 http://xforce.iss.net/xforce/xfdb/45293 http://www.vuxml.org/freebsd/f98dea27-d687-11dd-abd1-0050568452ac.html

The following package is affected: twiki CVE-2008-5304 Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. CVE-2008-5305 Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.