Unrated severityNVD Advisory· Published Jun 15, 2010· Updated Jun 16, 2026
CVE-2010-2281
CVE-2010-2281
Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- secunia.com/advisories/39680nvdVendor Advisory
- holisticinfosec.org/content/view/148/45/nvd
News mentions
0No linked articles in our index yet.