Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 up to and including 1.5.1-pl1 allow remote malicious users to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adaptive technology resource centre atutor 1.4.2 |
||
adaptive technology resource centre atutor 1.4.3 |
||
adaptive technology resource centre atutor 1.4.1 |
||
adaptive technology resource centre atutor 1.5.1 |
||
adaptive technology resource centre atutor 1.5.1_pl1 |