Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 20/05/2010 Updated: 17/08/2017

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS prior to 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tomatocms tomatocms
tomatocms tomatocms 2.0.3.1622
tomatocms tomatocms 2.0.3.1430
tomatocms tomatocms 2.0.3
tomatocms tomatocms 2.0.2
tomatocms tomatocms 2.0.1
tomatocms tomatocms 2.0.0

CWE-79 http://www.securityfocus.com/bid/40108 http://osvdb.org/64552 http://osvdb.org/64553 http://osvdb.org/64554 http://secunia.com/advisories/39320 http://holisticinfosec.org/content/view/141/45/https://exchange.xforce.ibmcloud.com/vulnerabilities/58492 https://exchange.xforce.ibmcloud.com/vulnerabilities/58491 https://exchange.xforce.ibmcloud.com/vulnerabilities/58475 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1996

Vulnerability Summary

References

Vulmon Search

About

Products

Connect