CVE-2004-2162 - Remote Input Validation vulnerability in Tutos 1.120040414
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | TUTOS app_new.php t Parameter XSS. CVE-2004-2162. Webapps exploit for php platform |
id | EDB-ID:24617 |
last seen | 2016-02-02 |
modified | 2004-09-20 |
published | 2004-09-20 |
reporter | Joxean Koret |
source | https://www.exploit-db.com/download/24617/ |
title | TUTOS app_new.php t Parameter XSS |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-980.NASL |
description | Joxean Koret discovered several security problems in tutos, a web-based team organization software. The Common Vulnerabilities and Exposures Project identifies the following problems: - CVE-2004-2161 A SQL injection vulnerability allows the execution of SQL commands through the link_id parameter in file_overview.php. - CVE-2004-2162 Cross-Site-Scripting vulnerabilities in the search function of the address book and in app_new.php allow the execution of web script code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22846 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22846 |
title | Debian DSA-980-1 : tutos - several vulnerabilities |

NASL family | CGI abuses |
NASL id | TUTOS_SQL_XSS.NASL |
description | The remote host is running Tutos, an open source team organization software package written in PHP. The remote version of this software is vulnerable to multiple input validation flaws that could allow an authenticated user to perform a cross-site scripting attack or a SQL injection against the remote service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14784 |
published | 2004-09-21 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14784 |
title | TUTOS < 1.2 Multiple Input Validation Vulnerabilities |
References
- http://cvs.sourceforge.net/viewcvs.py/tutos/tutos/php/app_new.php?r1=1.58&r2=1.59
- http://secunia.com/advisories/12606/
- http://secunia.com/advisories/18954
- http://www.debian.org/security/2006/dsa-980
- http://www.securityfocus.com/archive/1/375757
- http://www.securityfocus.com/bid/11221
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17445