Published: 16/06/2005 Updated: 05/09/2008

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 475

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Adaptive Technology Resource Centre

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote malicious users to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adaptive technology resource centre atutor 1.5_rc_1
adaptive technology resource centre atutor 1.4.3

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting u ...

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user ...

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in t ...

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the con ...

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the conte ...

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in ...

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting use ...

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the c ...

source: wwwsecurityfocuscom/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the ...

NVD-CWE-Other http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html http://www.securityfocus.com/bid/13972 http://www.osvdb.org/17351 http://www.osvdb.org/17352 http://www.osvdb.org/17353 http://www.osvdb.org/17354 http://www.osvdb.org/17355 http://www.osvdb.org/17356 http://www.osvdb.org/17357 http://www.osvdb.org/17358 http://www.osvdb.org/17359 http://securitytracker.com/id?1014216 https://nvd.nist.gov https://www.exploit-db.com/exploits/25834/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook