Vulnerabilities > Twilightcms > Twilight CMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-09 | CVE-2013-4900 | Path Traversal vulnerability in Twilightcms Twilight CMS 5.17 Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request. | 5.0 |
2013-09-09 | CVE-2013-4899 | Cross-Site Scripting vulnerability in Twilightcms Twilight CMS 5.17 Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page. | 4.3 |
2009-11-04 | CVE-2009-3856 | Cross-site Scripting vulnerability in Twilightcms Twilight CMS Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. | 4.3 |