CVE-2004-2017

Name of the Vulnerable Software and Affected Versions Turbo Traffic Trader C (TTT-C) version 1.0

Description The issue allows remote attackers to inject arbitrary HTML or web script via multiple vectors, including the link parameter to "ttt-out", the X-Forwarded-For header in a GET request to "ttt-in", the Referer header in a GET request to "ttt-in", or the site name or site URL fields in the main control panel.

Recommendations For Turbo Traffic Trader C (TTT-C) version 1.0, consider disabling the link parameter in "ttt-out", restricting access to the "ttt-in" endpoint, and limiting user input in the site name and site URL fields until a patch is available. Additionally, as a temporary workaround, restrict the use of the X-Forwarded-For and Referer headers in GET requests to "ttt-in".