DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-15 | CVE-2010-2282 | Cross-Site Request Forgery (CSRF) vulnerability in TomatoCMS 2.0.6. Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. | 5.1 |
2010-06-15 | CVE-2010-2281 | Cross-Site Scripting vulnerability in TomatoCMS 2.0.6. Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO. | 4.3 |