Vulnerabilities > Twilightcms > Twilight CMS > 5.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-09 | CVE-2013-4900 | Path Traversal vulnerability in Twilightcms Twilight CMS 5.17 Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request. | 5.0 |
| 2013-09-09 | CVE-2013-4899 | Cross-Site Scripting vulnerability in Twilightcms Twilight CMS 5.17 Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page. | 4.3 |