Lucene search

[email protected]CVE-2010-1515

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-1515

2022-10-0316:20:59

CWE-79

[email protected]

web.nvd.nist.gov

cve

2010

1515

xss

vulnerabilities

tomatocms 2.0.6

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO.

Affected configurations

NVD

Node

tomatocmstomatocmsRange≤2.0.6

tomatocmstomatocmsMatch2.0.0

tomatocmstomatocmsMatch2.0.1

tomatocmstomatocmsMatch2.0.2

tomatocmstomatocmsMatch2.0.3

tomatocmstomatocmsMatch2.0.3.1430

tomatocmstomatocmsMatch2.0.3.1622

tomatocmstomatocmsMatch2.0.4

tomatocmstomatocmsMatch2.0.5

CPENameOperatorVersion
tomatocms:tomatocmstomatocmsle2.0.6
tomatocms:tomatocmstomatocmseq2.0.0
tomatocms:tomatocmstomatocmseq2.0.1
tomatocms:tomatocmstomatocmseq2.0.2
tomatocms:tomatocmstomatocmseq2.0.3
tomatocms:tomatocmstomatocmseq2.0.3.1430
tomatocms:tomatocmstomatocmseq2.0.3.1622
tomatocms:tomatocmstomatocmseq2.0.4
tomatocms:tomatocmstomatocmseq2.0.5

CPE	Name	Operator	Version
tomatocms:tomatocms	tomatocms	le	2.0.6
tomatocms:tomatocms	tomatocms	eq	2.0.0
tomatocms:tomatocms	tomatocms	eq	2.0.1
tomatocms:tomatocms	tomatocms	eq	2.0.2
tomatocms:tomatocms	tomatocms	eq	2.0.3
tomatocms:tomatocms	tomatocms	eq	2.0.3.1430
tomatocms:tomatocms	tomatocms	eq	2.0.3.1622
tomatocms:tomatocms	tomatocms	eq	2.0.4
tomatocms:tomatocms	tomatocms	eq	2.0.5

References

holisticinfosec.org/content/view/148/45/

secunia.com/advisories/39680

secunia.com/secunia_research/2010-58/

www.securityfocus.com/bid/40544

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Related for CVE-2010-1515

prion1 nvd1 cvelist1 seebug1