Lucene search
K

532 matches found

Nuclei
Nuclei
added 12 hours ago74 views

ATutor < 2.2.1 - Cross Site Scripting

ATutor 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting XSS, in ATtutor 2.2.1 via token body parameter. id: CVE-2023-27008 info: name: ATutor 2.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | ATutor 2.2.1 was discovered with a vulnerability, a...

6.1CVSS6.4AI score0.01499EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.13 views

CVE-2026-6909

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS5.8AI score0.00391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.17 views

CVE-2026-6956

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS5.8AI score0.00391EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 12:32 p.m.21 views

EUVD-2026-29048

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6AI score0.00391EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 12:32 p.m.35 views

EUVD-2026-29049

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6AI score0.00391EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 10:16 a.m.16 views

CVE-2026-6909

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS0.00391EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 10:16 a.m.48 views

CVE-2026-6956

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS0.00391EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 9:40 a.m.3 views

CVE-2026-6956 Reflected XSS in ATutor

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6.2AI score0.00391EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:40 a.m.5 views

CVE-2026-6956

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6AI score0.00391EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 9:40 a.m.9 views

CVE-2026-6956 Reflected XSS in ATutor

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6AI score0.00391EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 9:40 a.m.29 views

CVE-2026-6956

ATutor is vulnerable to a Reflected XSS in the /install/install.php endpoint. An attacker can supply a crafted URL that, when opened, causes arbitrary JavaScript execution in the victim’s browser. The issue has been tested only on version 2.2.4; other versions were not tested but might also be vu...

5.1CVSS6AI score0.00391EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 9:40 a.m.71 views

CVE-2026-6956 Reflected XSS in ATutor

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS0.00391EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:40 a.m.5 views

CVE-2026-6909

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6AI score0.00391EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 9:40 a.m.7 views

CVE-2026-6909 Reflected XSS in ATutor

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6AI score0.00391EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 9:40 a.m.53 views

CVE-2026-6909 Reflected XSS in ATutor

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS0.00391EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 9:40 a.m.34 views

CVE-2026-6909

ATutor is affected by a Reflected XSS in the /install/upgrade.php endpoint. It allows arbitrary JavaScript execution in a victim’s browser when a crafted URL is opened. Only version 2.2.4 has been tested and confirmed vulnerable; other versions have not been tested but might also be vulnerable. T...

5.1CVSS6AI score0.00391EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 9:40 a.m.3 views

CVE-2026-6909 Reflected XSS in ATutor

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6.2AI score0.00391EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.16 views

ATutor 跨站脚本漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...

5.1CVSS5.9AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

ATutor 跨站脚本漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...

5.1CVSS5.9AI score0.00391EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.19 views

PT-2026-39591

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

5.1CVSS6AI score0.00391EPSS
Exploits0References3
Rows per page
Query Builder