CVE-2009-2376

Name of the Vulnerable Software and Affected Versions TangoCMS versions prior to 2.3.0

Description A cross-site scripting (XSS) issue exists in the Html::textarea function, allowing remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module.

Recommendations For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Contact module until the update is applied. Avoid using the value parameter in the affected Html::textarea function until the issue is resolved.