This host is running Todayu and is prone to cross site scripting vulnerabilities.

Successful exploitation could allow execution of scripts or actions written by an attacker. In addition, an attacker may obtain authorization cookies that would allow him to gain unauthorized access to the application. Impact Level: Application

Upgrade to version 2.1.1 or later, For updates refer to http://www.todoyu.com/community/download

The flaw is due to failure in the 'lib/js/jscalendar/php/test.php?' script to properly sanitize user supplied input in 'lang' parameter.

Todayu version 2.1.0 and prior

• http://packetstormsecurity.org/files/view/100695/Todoyu2.0.8-xss.txt
• http://www.securityhome.eu/exploits/exploit.php?eid=14706246374db10bfe6f4f71.12853295

---

Updated on 2015-03-25