Vulnerabilities > CVE-2004-2017 - Cross-Site Scripting and HTML Injection vulnerability in Turbotraffictrader C 1.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

turbotraffictrader

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.

Vulnerable Configurations

Part	Description	Count
Application	Turbotraffictrader Turbotraffictrader Turbotraffictrader C 1.0	1

Exploit-Db

description	TurboTrafficTrader C 1.0 Multiple Cross-Site Scripting and HTML Injection Vulnerabilities. CVE-2004-2017. Webapps exploit for cgi platform
id	EDB-ID:24122
last seen	2016-02-02
modified	2004-05-17
published	2004-05-17
reporter	Kaloyan Olegov Georgiev
source	https://www.exploit-db.com/download/24122/
title	TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References