CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 2CVE-2012-4901 – Template CMS 2.1.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4901
20 May 2015 — Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. Vulnerabilidad de XSS en Template CMS 2.1.1 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro themes_editor en una acción add_template a admin/index.php. • https://www.exploit-db.com/exploits/21742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2012-4902 – Template CMS 2.1.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4902
20 May 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php. Múltiples vulnerabilidades de CSRF en Template CMS 2.1.1 y anteriores permiten a atacantes remotos secuestrar la autenticación de adm... • https://www.exploit-db.com/exploits/21742 • CWE-352: Cross-Site Request Forgery (CSRF) •