NA

CVE-2010-0971

Published: 16/03/2010 Updated: 17/08/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.

Affected Products

Vendor Product Versions
AtutorAtutor1.6.4

Exploits

Topic : ATutor 164 Bugs Type : Cross Site Scripting (all of them) Credit : ItSecTeam Remote : Yes Status : Bug # mail : Bug@ItSecTeamcom # Dork : "ATutor 164" #Special Tnx : am!rkh@n, Amin Shokohi(Pejvak), C0M0D0, 0xd41684c654, r3dmove And All It Security Team Members #Website : WwWITSecTeamcom ########################## Exploit ########## ...