Tutos 1.1 - 'File_Select.php' Cross-Site Scripting
| EKU-ID: 28289 | CVE: CVE-2003-0481;OSVDB-2192 | OSVDB-ID: |
| Author: François SORIN | Published: 2003-06-20 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28289 | CVE: CVE-2003-0481;OSVDB-2192 | OSVDB-ID: |
| Author: François SORIN | Published: 2003-06-20 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/8011/info It has been reported that Tutos does not properly handle input to the file_select script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the vulnerable site. http://www.example.com/tutos/file/file_select.php?msg=<hostile code>