Toendacms@* Security Vulnerabilities and Issues — Toendacms@* CVE List

Lucene search

Toenda Software DevelopmentToendacms*

5 matches found

CVE•added 2005/11/16 7:42 a.m.•44 views

CVE-2005-3550

Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.

5CVSS6.8AI score0.03482EPSS

CVE•added 2005/11/16 7:42 a.m.•40 views

CVE-2005-3551

toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file.

5CVSS6.2AI score0.00346EPSS

CVE•added 2006/08/07 7:4 p.m.•36 views

CVE-2006-4016

Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter.

4.3CVSS6AI score0.00507EPSS

CVE•added 2005/12/16 11:3 a.m.•31 views

CVE-2005-4277

Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3CVSS6AI score0.00622EPSS

CVE•added 2006/06/03 10:2 a.m.•31 views

CVE-2006-2799

Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.

6.8CVSS5.6AI score0.01009EPSS