Vulnerabilities > Tomaz Muraus > Open Blog > 1.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-08-17 | CVE-2010-3030 | Cross-Site Request Forgery (CSRF) vulnerability in Tomaz-Muraus Open Blog 1.2.1 Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. | 6.8 |
| 2010-08-16 | CVE-2010-3026 | Cross-Site Request Forgery (CSRF) vulnerability in Tomaz-Muraus Open Blog 1.2.1 Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges. | 4.3 |
| 2010-08-16 | CVE-2010-3025 | Cross-Site Scripting vulnerability in Tomaz-Muraus Open Blog 1.2.1 Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit. | 4.3 |