CVE-2010-1995 in TomatoCMSinformazioni

Riassunto

di MITRE

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

20/05/2010

Divulgazione

20/05/2010

Moderazione

accettato

Voce

VDB-53288

CPE

pronto

CWE

CWE-79 (confermato)

CVSS

3.5 (VulDB)

EPSS

0.01014

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2010-1995
NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1995
CVE Details	https://www.cvedetails.com/cve/CVE-2010-1995/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!