
Files

TomatoCMS Eight Cross Site Scripting
Posted Jun 4, 2010
Site secunia.com

Secunia Research has discovered some vulnerabilities in TomatoCMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "keyword" and "article-id" parameters to index.php/admin/news/article/list, the "keyword" parameter to index.php/admin/multimedia/set/list, the "keyword" and "fileId" parameters to index.php/admin/multimedia/file/list, and the "name", "email", and "address" parameters to index.php/admin/ad/client/list is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser in the context of the affected site.

tags | advisory, arbitrary, php, vulnerability, xss
advisories | CVE-2010-1515
SHA-256 | b08aeb40643c7328f71315e0658ec49b7c143d96320d7228e2baa16637965e20
© 2022 Packet Storm. All rights reserved.