Lucene search
K

7 matches found

NVD
NVD
added 2010/06/15 2:30 p.m.18 views

CVE-2010-2281

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...

4.3CVSS5.5AI score0.00845EPSS
Exploits0References2
Prion
Prion
added 2010/06/15 2:30 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...

4.3CVSS5.8AI score0.00845EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2010/06/15 2:30 p.m.20 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password...

5.1CVSS7.7AI score0.00791EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2010/06/14 7:0 p.m.20 views

CVE-2010-2281

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...

5.5AI score0.00845EPSS
Exploits0References2
CVE
CVE
added 2010/06/14 7:0 p.m.43 views

CVE-2010-2282

The CVE-2010-2282 entry describes a Cross-site Request Forgery (CSRF) vulnerability in TomatoCMS 2.0.6. The issue allows remote attackers to hijack the authentication of administrators by issuing requests that change the administrative password. The connected sources confirm the affected software...

5.1CVSS7.3AI score0.00791EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2010/06/14 7:0 p.m.39 views

CVE-2010-2281

TomatoCMS 2.0.6 is affected by multiple XSS in index.php. Exploitable through (1) keyword or (2) bannerid with /admin/ad/banner/list, and through (3) title or (4) answers with /admin/poll/add, or (5) name with /admin/category/add. Root cause: unsanitized input in these parameters leading to scrip...

4.3CVSS5.5AI score0.00845EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2010/06/14 7:0 p.m.50 views

CVE-2010-1515

CVE-2010-1515 affects TomatoCMS 2.0.6 and earlier, with multiple XSS vulnerabilities in index.php. The issues arise from unsanitized inputs passed via PATH_INFO parameters across several admin pages (admin/news/article/list, admin/multimedia/set/list, admin/multimedia/file/list, admin/ad/client/l...

2.6CVSS5.9AI score0.01028EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder