CVE-2012-4901 – Template CMS 2.1.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4901
Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. Vulnerabilidad de XSS en Template CMS 2.1.1 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro themes_editor en una acción add_template a admin/index.php. Template CMS version 2.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/21742 http://osvdb.org/85895 http://www.securityfocus.com/bid/55766 https://www.htbridge.com/advisory/HTB23115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4902 – Template CMS 2.1.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4902
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php. Múltiples vulnerabilidades de CSRF en Template CMS 2.1.1 y anteriores permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) crean un usuario de administración a través de una acción de añadir en admin/index.php o (2) realizan ataques de inyección de código PHP estáticos a través del parámetro themes_editor en una acción edit_template en admin/index.php. Template CMS version 2.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/21742 http://osvdb.org/85896 http://www.securityfocus.com/bid/55766 https://www.htbridge.com/advisory/HTB23115 • CWE-352: Cross-Site Request Forgery (CSRF) •