Scan report for "admin.tuitionlk.com"
Summary
Found
34
Duration
1min 32sec
Date
2026-05-17
IP
98.84.224.111
Report
Nikto scan (max 60 sec) (nikto -host admin.tuitionlk.com -maxtime 60)
- Nikto v2.6.0
---------------------------------------------------------------------------
+ Target IP: 98.84.224.111
+ Target Hostname: admin.tuitionlk.com
+ Target Port: 80
+ Platform: Unknown
+ Start Time: 2026-05-17 15:20:06 (GMT-4)
---------------------------------------------------------------------------
+ Server: Netlify
+ Multiple IPs found: 98.84.224.111, 18.208.88.157, 2600:1f18:16e:df01::259, 2600:1f18:16e:df01::258
+ No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped.
+ [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+ [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+ [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+ [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ [000702] /themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000703] /index.php?option=search&searchword=<script>alert(document.cookie);</script>: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS).
+ [000704] /emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000705] /emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000706] /emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000707] /administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS).
+ [000708] /administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000709] /administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000710] /administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000711] /administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000712] /administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204
+ [000714] /https-admserv/bin/index?/<script>alert(document.cookie)</script>: Sun ONE Web Server 6.1 administration control is vulnerable to XSS attacks.
+ [000715] /clusterframe.jsp?cluster=<script>alert(document.cookie)</script>: Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack.
+ [000717] /upload.php?type=\"<script>alert(document.cookie)</script>: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS).
+ [000718] /soinfo.php?\"><script>alert('Vulnerable')</script>: The PHP script soinfo.php is vulnerable to Cross Site Scripting. Set expose_php = Off in php.ini. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1954
+ [000725] /servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>: NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS).
+ [000730] /servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>: The NetDetector install is vulnerable to Cross Site Scripting (XSS) in its invalid login message.
+ [000734] /SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script>: Site Server is vulnerable to Cross Site Scripting.
+ [000735] /_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script>: Site Server is vulnerable to Cross Site Scripting.
+ [000741] /webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS).
+ [000776] /user.php?op=userinfo&uname=<script>alert('hi');</script>: The PHP-Nuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1.
+ [000777] /user.php?op=confirmnewuser&module=NS-NewUser&uNikto=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS).
+ [000780] /templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>: MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS).
+ [000782] /supporter/index.php?t=updateticketlog&id=<script><script>alert('Vulnerable')</script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931
+ [000783] /supporter/index.php?t=tickettime&id=<script><script>alert('Vulnerable')</script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931
+ [000784] /supporter/index.php?t=ticketfiles&id=<script><script>alert('Vulnerable')</script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931
+ [000785] /sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page.
+ [000786] /submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524
+ [000787] /ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732
+ Scan terminated: 4 errors and 34 items reported on the remote host
+ End Time: 2026-05-17 15:21:38 (GMT-4) (92 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
-
Target
admin.tuitionlk.com
-
Target IP
98.84.224.111
-
Scan method
Nikto scan (max 60 sec)
-
Run command
nikto -host admin.tuitionlk.com -maxtime 60
- Duration
- Quick report
-
Scan date
17 May 2026 15:21
-
Copy scan report
- Download report
- Remove scan result
- Check ports
- API - Scan ID