CVE-2009-2376

TangoCMS <2.3.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module.

References (5)

Scores

EPSS 0.0036
EPSS Percentile 57.6%

Classification

CWE
CWE-79
Status published

Affected Products (15)

tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
tangocms/tangocms
n/a/n/a

Timeline

Published Jul 08, 2009
Tracked Since Feb 18, 2026