Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local malicious user to execute arbitrary code via a crafted script