Vulnerability Details CVE-2010-1515
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.6%
CVSS Severity
CVSS v2 Score 2.6
References
- http://holisticinfosec.org/content/view/148/45/
- http://secunia.com/advisories/39680
- http://secunia.com/secunia_research/2010-58/
- http://www.securityfocus.com/bid/40544
- http://holisticinfosec.org/content/view/148/45/
- http://secunia.com/advisories/39680
- http://secunia.com/secunia_research/2010-58/
- http://www.securityfocus.com/bid/40544
Products affected by CVE-2010-1515
-
cpe:2.3:a:tomatocms:tomatocms:*
-
cpe:2.3:a:tomatocms:tomatocms:2.0.0
-
cpe:2.3:a:tomatocms:tomatocms:2.0.1
-
cpe:2.3:a:tomatocms:tomatocms:2.0.2
-
cpe:2.3:a:tomatocms:tomatocms:2.0.3
-
cpe:2.3:a:tomatocms:tomatocms:2.0.3.1430
-
cpe:2.3:a:tomatocms:tomatocms:2.0.3.1622
-
cpe:2.3:a:tomatocms:tomatocms:2.0.4
-
cpe:2.3:a:tomatocms:tomatocms:2.0.5