CVE-2005-1715

An attacker crafts a URL containing malicious JavaScript in one of the vulnerable parameters (`m`, `s`, `ID`, `t`) and tricks a victim into clicking it. When the victim's browser loads the URL, the injected script executes in the context of the TOPo site, allowing the attacker to steal cookies, deface the page, or perform other actions. The same injection is possible through the comment form fields (name, website, email) when submitting a comment [ref_id=1].

The vulnerability resides in `index.php` of TOPo 2.2 (version 2.2.178). The `m`, `s`, `ID`, and `t` parameters are not validated before being reflected in the page output. Additionally, the "field name", "Your Web field", and "email field" in the comments section are also unvalidated [ref_id=1].

No patch or fix was available at the time of disclosure [ref_id=1]. The advisory recommends that the application properly validate and sanitize all user-supplied input before reflecting it in output. Without a fix, the only mitigation is to manually filter or escape the `m`, `s`, `ID`, `t`, and comment form fields in `index.php`.

1. Host a JavaScript payload (e.g., `js.js`) on an attacker-controlled server. 2. Craft a URL such as `http://[victim]/topo/index.php?m=top">