According to this security release from Secunia, there's a cross-site scripting vulnerability with the Travelsized CMS package (PHP-based) in the main index file.
David Vieira-Kurz has discovered some vulnerabilities in Travelsized CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
The problem comes from the input parameters "page" and "langauge" not being verified and sanitized. Users are encouraged to go in and manually edit the source to correct the problem as there is no patch currently posted as of yet. You can get complete information about this issue from the full Secunia report.