Published: 31/01/2013 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in ATutor prior to 2.1 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atutor atutor 1.5.3.1
atutor atutor 1.6.1
atutor atutor 1.4.2
atutor atutor 1.4.1
atutor atutor 1.3.1
atutor atutor 1.3
atutor atutor 2.0.2
atutor atutor 2.0.1
atutor atutor 1.6.4
atutor atutor 1.6
atutor atutor 1.5.1
atutor atutor 1.4.3
atutor atutor 1.2.2
atutor atutor
atutor atutor 1.5.4
atutor atutor 1.5.5
atutor atutor 1.5.3
atutor atutor 1.3.3
atutor atutor 1.3.2
atutor atutor 2.0.3
atutor atutor 1.5.3.2
atutor atutor 1.5.2
atutor atutor 1.4
atutor atutor 1.2.1
atutor atutor 1.0

source: wwwsecurityfocuscom/bid/51423/info ATutor is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the contex ...

CWE-79 http://archives.neohapsis.com/archives/bugtraq/2012-01/0094.html http://atutor.ca/atutor/change_log.php http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt http://www.securityfocus.com/bid/51423 http://secunia.com/advisories/47597 https://exchange.xforce.ibmcloud.com/vulnerabilities/72412 https://nvd.nist.gov https://www.exploit-db.com/exploits/36565/

CVE-2012-6528

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect