Vulnerabilities > Tomatocms > Tomatocms > 2.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-15 | CVE-2010-1515 | Cross-Site Scripting vulnerability in TomatoCMS: Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO. | 2.6 |
2010-06-15 | CVE-2010-1514 | Multiple Security vulnerability in TomatoCMS: Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory. | 6.0 |