ONsec.ru Russian security team

1 exploit Active since Nov 2009
CVE-2009-3856 EXPLOITDB text WORKING POC
Twilight CMS < 4.1 - Cross-Site Scripting via News Calendar Parameter
Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information.