7 matches found
CVE-2010-2281
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password...
CVE-2010-2281
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...
CVE-2010-2282
The CVE-2010-2282 entry describes a Cross-site Request Forgery (CSRF) vulnerability in TomatoCMS 2.0.6. The issue allows remote attackers to hijack the authentication of administrators by issuing requests that change the administrative password. The connected sources confirm the affected software...
CVE-2010-2281
TomatoCMS 2.0.6 is affected by multiple XSS in index.php. Exploitable through (1) keyword or (2) bannerid with /admin/ad/banner/list, and through (3) title or (4) answers with /admin/poll/add, or (5) name with /admin/category/add. Root cause: unsanitized input in these parameters leading to scrip...
CVE-2010-1515
CVE-2010-1515 affects TomatoCMS 2.0.6 and earlier, with multiple XSS vulnerabilities in index.php. The issues arise from unsanitized inputs passed via PATH_INFO parameters across several admin pages (admin/news/article/list, admin/multimedia/set/list, admin/multimedia/file/list, admin/ad/client/l...