Immediacy · Immediacy .Net Cms · CVE-2006-5853
**Name of the Vulnerable Software and Affected Versions**
Immediacy .NET CMS version 5.2
**Description**
A cross-site scripting (XSS) vulnerability exists in `logon.aspx`: remote attackers can inject arbitrary web script or HTML via the `lang` parameter, whose value is returned to the client in a `lang` cookie.
**Recommendations**
On Immediacy .NET CMS version 5.2, consider restricting access to the `logon.aspx` page until a fix is available, and avoid using the `lang` parameter on that page to minimize the risk of exploitation.
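
One way to watch for attempts against this issue while access is being restricted, as an added example that is not part of the original advisory or the vendor's code: it flags logged requests to `logon.aspx` whose `lang` value is not a plain language tag. The IIS W3C log layout, the sample lines and the language-tag pattern are assumptions.

```python
import re
from urllib.parse import parse_qs

# Conservative shape for a language tag such as "en" or "en-GB" (assumption:
# the site only needs values of this form).
LANG_TAG = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8}){0,2}")

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2006-11-10 09:14:02 GET /logon.aspx lang=en-GB 192.0.2.10 200
2006-11-10 09:14:40 GET /logon.aspx lang=en%22%3E%3Cb%3Ex 192.0.2.44 200
2006-11-10 09:15:03 GET /default.aspx lang=%3Cb%3E 192.0.2.44 200
2006-11-10 09:15:20 GET /LOGON.ASPX Lang=fr&lang=%3Ci%3E 192.0.2.51 200
2006-11-10 09:16:11 GET /logon.aspx - 192.0.2.10 200
"""

def suspicious_lang_requests(log_text, page="/logon.aspx", param="lang"):
    """Return (client_ip, decoded_value) for each request to `page` whose
    `param` value is not a plain language tag."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != page:
            continue                           # only the affected page
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue                           # request had no query string
        # parse_qs percent-decodes values; ASP.NET query-string lookups are
        # case-insensitive, so compare the parameter name in lower case.
        for name, values in parse_qs(query).items():
            if name.lower() != param:
                continue
            for value in values:
                if not LANG_TAG.fullmatch(value):
                    hits.append((row.get("c-ip"), value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_lang_requests(SAMPLE_LOG):
        print(f"{ip}\tlang={value!r}")
```

The same pattern can serve as an allowlist at a reverse proxy or request filter in front of `logon.aspx`, rejecting any `lang` value that does not match.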