CVE-2004-2017
Published 2004-12-31
Priority: P4 · 19 · Severity: medium · CVSS 2.0 base score: 4.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Tags: EXPLOIT
EPSS: 2.75% (84.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| turbotraffictrader | turbotraffictrader_c | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-gj45-c86v-23w5 [MEDIUM] · ghsa_unreviewed · 2022-04-29
Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.
Red Hat
CVE-2017-5078 [HIGH] · vendor_redhat · 2017-06-05 · CVSS 7.5
chromium-browser: possible command injection in mailto handling
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.
No detection rules found.
Exploit-DB
CVE-2017-15374 [MEDIUM] · exploitdb · 2018-01-21 · CVSS 6.1
Shopware 5.2.5/5.3 - Cross-Site Scripting
---
Document Title: Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1922
Shopware Security Tracking ID: SW-19834
Security Update:
http://community.shopware.com/Downloads_cat_448.html#5.3.4
http://community.shopware.com/_detail_2035.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15374
CVE-ID: CVE-2017-15374
Release Date: 2017-09-05
Vulnerability Laboratory ID (VL-ID): 1922
Common Vulnerability Scoring System: 4.4
Vulnerability Class: Cross Site Scripting - Persistent
Current Estimated Price: 1.000€ - 2.000€
Product & Service Introduction:
Shopware is a modular online shop system that has been developed in Germany since 2004
Exploit-DB
CVE-2004-2017 · exploitdb · 2004-05-17
TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
---
source: https://www.securityfocus.com/bid/10359/info
It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks.
The cross-site scripting issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
The HTML injection issues could allow an attacker to post malicious HTML and script code that would then later be rendered in the web browser of further visitors to t
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=108481571131866&w=2
http://secunia.com/advisories/11623
http://www.icefire.org/security/ttt-bugreport.txt
http://www.osvdb.org/6339
http://www.osvdb.org/6340
http://www.osvdb.org/6341
http://www.osvdb.org/6342
http://www.osvdb.org/6343
http://www.osvdb.org/6344
http://www.securityfocus.com/bid/10359
https://exchange.xforce.ibmcloud.com/vulnerabilities/16164