A stored-self XSS exists in ATutor through v2.2.4, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atutor atutor |