Description
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Joxean Koret · textwebappsphp
https://www.exploit-db.com/exploits/24617
References (7)
Core 7
Core References
Product x_refsource_confirm
http://cvs.sourceforge.net/viewcvs.py/tutos/tutos/php/app_new.php?r1=1.58&r2=1.59
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17445
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-980
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/375757
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12606/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11221
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18954
Scores
EPSS
0.1038
EPSS Percentile
93.2%
Details
Status
published
Products (1)
tutos/tutos
1.1_2004-04-14
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026