Published: 10/07/2006 Updated: 08/03/2011

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 285

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Subscribe to Adaptive Technology Resource Centre

Multiple cross-site scripting (XSS) vulnerabilities in ATutor prior to 1.5.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adaptive technology resource centre atutor 1.5.1
adaptive technology resource centre atutor 1.5.1_pl1
adaptive technology resource centre atutor 1.5.1_pl2
adaptive technology resource centre atutor 1.5.3_rc2

source: wwwsecurityfocuscom/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code execute in the browser of an unsuspecting user in t ...

source: wwwsecurityfocuscom/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code execute in the browser of an unsuspecting user in the c ...

source: wwwsecurityfocuscom/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code execute in the browser of an unsuspecting user in the ...

source: wwwsecurityfocuscom/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code execute in the browser of an unsuspecting user in the con ...

source: wwwsecurityfocuscom/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage any of these issues to have arbitrary script code execute in the browser of an unsuspecting user in the conte ...

NVD-CWE-Other http://www.atutor.ca/view/3/8341/1.html http://www.securityfocus.com/bid/18857 http://secunia.com/advisories/20941 http://www.osvdb.org/27020 http://www.osvdb.org/27021 http://www.osvdb.org/27023 http://www.osvdb.org/27019 http://www.osvdb.org/27022 http://www.vupen.com/english/advisories/2006/2691 https://nvd.nist.gov https://www.exploit-db.com/exploits/28180/

CVE-2006-3484

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect