CVE-2010-1515
TomatoCMS 2.0.6 - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO.
Scores
EPSS
0.0031
EPSS Percentile
53.8%
Classification
CWE
CWE-79
Status
published
Affected Products (10)
tomatocms/tomatocms
< 2.0.6
tomatocms/tomatocms
tomatocms/tomatocms
tomatocms/tomatocms
tomatocms/tomatocms
tomatocms/tomatocms
tomatocms/tomatocms
tomatocms/tomatocms
tomatocms/tomatocms
n/a/n/a
Timeline
Published
Jun 15, 2010
Tracked Since
Feb 18, 2026