Vulnerabilities > CVE-2004-2193 - Cross-Site Scripting vulnerability in Cjoverkill 4.0.3

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
cjoverkill
nessus

Summary

Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters.

Vulnerable Configurations

Part Description Count
Application
Cjoverkill
1

Nessus

NASL familyCGI abuses : XSS
NASL idCJOVERKILL_XSS.NASL
descriptionThe remote server runs a version of CjOverkill, a free traffic trading script that is as old as or older than version 4.0.3. The remote version of this software is affected by a cross-site scripting vulnerability in the script
last seen2020-06-01
modified2020-06-02
plugin id15462
published2004-10-12
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15462
titleCjOverkill trade.php Multiple Method XSS