Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

VulnCheck KEV: CVE-2021-24184

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

VulnCheck KEV: CVE-2021-24183

The tutorquizbuildergetquestionform AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

MediaWiki 安全漏洞

MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation, which can be used to deploy in-house knowledge management and content management systems. An authorization error vulnerability exists in the MediaWiki GrowthExperiments extension, which could be exploited by ...

CVE-2022-2563

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Plugin Tutor LMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2022-2563 Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2563 Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2022-17422 · WordPress · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS WordPress plugin versions prior to 2.0.10 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for...

CVE-2022-2563

CVE-2022-2563 affects the Tutor LMS WordPress plugin

WordPress Tutor LMS plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by lucy in WordPress Tutor LMS plugin versions = 2.0.9. Solution Update the WordPress Tutor LMS plugin to the latest available version at least 2.0.10...

Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/Edit a Course, add a new Topic and put the following...

Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/Edit a Course, add a new Topic and put the followi...

Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting The issue was initially fixed in 1.9.13 but re-introduced in 2.0.0 https://example.com/wp-admin/post.php?post=1369&action=edit&settingstab=general&a'alert/XSS/...

Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting The issue was initially fixed in 1.9.13 but re-introduced in 2.0.0 PoC https://example.com/wp-admin/post.php?post=1369=edittab=general'...

Online Tutor Portal Site Cross-Site Scripting Vulnerability

Online Tutor Portal Site is an online tutor portal. It is used to provide an online platform for individuals who are looking for and offering tutoring services. A cross-site scripting vulnerability exists in Online Tutor Portal Site version v1.0, which stems from a lack of filtering and escaping ...

Online Tutor Portal Site SQL Injection Vulnerability

Sourcecodester Online Discussion Forum Site is an application of Sourcecodester. A SQL injection vulnerability exists in Online Tutor Portal Site v1.0, which originates from /otps/classes/Master.php?f=deleteteam missing SQL data filter escaping. An attacker could use this vulnerability to execute...

CVE-2022-31912

Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=deleteteam...

CVE-2022-31912

Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=deleteteam...