Originally Posted by Chuck S
Not really sure there is no information on what they say the issue is
I am not sure why they classify the date field as a cross site security issue. This is not a field users in anyway input data too.
On page two of the secunia advisory, there's a link to the original advisory. That has some samples of using date to show the document cookie, hence the XSS designation.
One of their examples is:
which shows the cookie.