Twilight CMS "calendar" Cross-Site Scripting Vulnerability

Report ID: SA200905925
Source: Secunia
Date of Discovery: 02.11.2009
Criticality: Low
Affects:
Twilight CMS 4.x

Compromise From: From remote
Compromise Type: Cross site scripting

Summary

A vulnerability has been reported in Twilight CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Detailed Description

Input passed via the "calendar" parameter to /news/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution

Update to version 4.1.
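
Until the update is applied, web server access logs can be reviewed for requests that put markup into the "calendar" parameter of /news/. The following is an added example, not part of the original advisory or of Twilight CMS; the combined log format, the sample lines and the legitimate value "2009-11" are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP_CHARS = set("<>\"'`")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (assumed combined log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Nov/2009:10:00:01 +0000] "GET /news/?calendar=2009-11 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Nov/2009:10:02:17 +0000] "GET /news/?calendar=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5188',
    '192.0.2.44 - - [02/Nov/2009:10:02:30 +0000] "GET /news/?calendar=%253Cb%253E HTTP/1.1" 200 5170',
    '192.0.2.10 - - [02/Nov/2009:10:03:00 +0000] "GET /about/?calendar=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_calendar_values(log_lines):
    """Return (line_number, decoded_value) for /news/ requests whose
    "calendar" parameter contains HTML metacharacters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.startswith("/news/"):
            continue  # the advisory only concerns /news/
        # parse_qs performs the first round of percent-decoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("calendar", []):
            value = fully_decode(raw)
            if MARKUP_CHARS & set(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_calendar_values(SAMPLE_LOG):
        print(f"line {number}: calendar={value!r}")
```

A hit shows that markup was sent to the parameter, not that it was reflected unencoded; confirm the installed version against the fixed release.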