Vulnerabilities > CVE-2004-2162 - Unspecified vulnerability in Tutos 1.120040414

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
tutos
nessus
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.

Vulnerable Configurations

Part Description Count
Application
Tutos
1

Exploit-Db

descriptionTUTOS app_new.php t Parameter XSS. CVE-2004-2162. Webapps exploit for php platform
idEDB-ID:24617
last seen2016-02-02
modified2004-09-20
published2004-09-20
reporterJoxean Koret
sourcehttps://www.exploit-db.com/download/24617/
titleTUTOS app_new.php t Parameter XSS

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-980.NASL
    descriptionJoxean Koret discovered several security problems in tutos, a web-based team organization software. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2004-2161 A SQL injection vulnerability allows the execution of SQL commands through the link_id parameter in file_overview.php. - CVE-2004-2162 Cross-Site-Scripting vulnerabilities in the search function of the address book and in app_new.php allow the execution of web script code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22846
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22846
    titleDebian DSA-980-1 : tutos - several vulnerabilities
  • NASL familyCGI abuses
    NASL idTUTOS_SQL_XSS.NASL
    descriptionThe remote host is running Tutos, an open source team organization software package written in PHP. The remote version of this software is vulnerable to multiple input validation flaws that could allow an authenticated user to perform a cross-site scripting attack or a SQL injection against the remote service.
    last seen2020-06-01
    modified2020-06-02
    plugin id14784
    published2004-09-21
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14784
    titleTUTOS < 1.2 Multiple Input Validation Vulnerabilities