CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-2281

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.5%

CVSS Severity

CVSS v2 Score 4.3

References

http://holisticinfosec.org/content/view/148/45/
http://secunia.com/advisories/39680
http://holisticinfosec.org/content/view/148/45/
http://secunia.com/advisories/39680

Products affected by CVE-2010-2281

Tomatocms » Tomatocms » Version: 2.0.6

cpe:2.3:a:tomatocms:tomatocms:2.0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-2281

Products

Pricing

Contact Us