1) Cross-Site Scripting (XSS) in Template CMS: CVE-2012-4901
Input passed via the "themes_editor" POST parameter to /admin/index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of an affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
2) Cross-Site Request Forgery (CSRF) in Template CMS: CVE-2012-4902
The application allows authorized administrator to perform certain actions via HTTP requests without making proper validity checks to verify the source of the requests. This can be exploited to add, delete or modify sensitive information, for example to create new administrator or execute arbitrary PHP code.
An attacker has to trick a logged-in administrator to visit a malicious web page containing the following code that will add a new administrator to the CMS: