Lucene search
+L

532 matches found

Prion
Prion
added 2019/01/29 6:29 p.m.13 views

Cross site scripting

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...

4.3CVSS6AI score0.00865EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/01/29 6:29 p.m.22 views

CVE-2019-7172

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...

6.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2019/01/29 6:29 p.m.14 views

CVE-2019-7172

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...

6.1CVSS6.1AI score0.00865EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/01/29 6:0 p.m.23 views

CVE-2019-7172

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...

6.3AI score0.00865EPSS
Exploits1References1
CVE
CVE
added 2019/01/29 6:0 p.m.47 views

CVE-2019-7172

ATutor up to version 2.2.4 contains a stored-self XSS vulnerability in the vulnerable Real Name field accessed via /mods/_core/users/admins/my_edit.php. The issue allows an attacker to inject HTML/JavaScript into user names, with the effect described as a stored XSS, but the provided documents do...

6.1CVSS6.2AI score0.00865EPSS
Exploits1References1Affected Software1
Circl
Circl
added 2018/05/29 3:50 p.m.4 views

CVE-2017-1000002

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/atutorfilemanagertraversal.rb...

9.8CVSS5.8AI score0.30833EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/18 12:0 a.m.5 views

ATutor cross-site scripting vulnerability (CNVD-2017-32279)

ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site scripting vulnerability exists in versions prior to Atutor 2.2.3, which stems from the progr...

5.4CVSS5.5AI score0.00596EPSS
Exploits1References1
CNVD
CNVD
added 2017/10/12 12:0 a.m.4 views

ATutor LMS Cross-Site Scripting Vulnerability

ATutor LMS is an open source web-based learning management system LCMS. The system provides course settings, textbook package downloads, multiple reading options, and other features. A cross-site scripting vulnerability exists in ATutor LMS version 2.2. A remote attacker can exploit this...

5.4CVSS5.5AI score0.00666EPSS
Exploits1References1
NVD
NVD
added 2017/10/10 4:29 p.m.18 views

CVE-2015-6521

Multiple cross-site scripting XSS vulnerabilities in ATutor LMS version 2.2...

5.4CVSS5.5AI score0.00666EPSS
Exploits1References2
Prion
Prion
added 2017/10/10 4:29 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ATutor LMS version 2.2...

3.5CVSS6.2AI score0.00666EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2017/10/10 4:0 p.m.55 views

CVE-2015-6521

ATutor LMS version 2.2 is affected by multiple cross-site scripting (XSS) vulnerabilities. The CNVD entry states a cross-site scripting flaw exists in ATutor LMS 2.2, allowing a remote attacker to inject arbitrary web script or HTML. The NVD entry corroborates XSS in ATutor LMS 2.2 with CVSS v3 b...

5.4CVSS5.4AI score0.00666EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/10/10 4:0 p.m.28 views

CVE-2015-6521

Multiple cross-site scripting XSS vulnerabilities in ATutor LMS version 2.2...

5.5AI score0.00666EPSS
Exploits1References2
OSV
OSV
added 2017/10/03 1:29 a.m.13 views

CVE-2017-14981

Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...

5.4CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2017/10/03 1:29 a.m.17 views

CVE-2017-14981

Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...

5.4CVSS5.2AI score0.00596EPSS
Exploits1References2
Prion
Prion
added 2017/10/03 1:29 a.m.19 views

Cross site scripting

Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...

3.5CVSS5.2AI score0.00596EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/10/02 1:0 a.m.16 views

CVE-2017-14981

Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...

5.2AI score0.00596EPSS
Exploits1References2
CVE
CVE
added 2017/10/02 1:0 a.m.69 views

CVE-2017-14981

ATutor before 2.2.3 contains a cross-site scripting (XSS) vulnerability due to insufficient filtering of data in the URL parameter used by /mods/_standard/rss_feeds/edit_feed.php. An attacker could inject arbitrary HTML/JavaScript that runs in the context of the affected site. The available docum...

5.4CVSS5.2AI score0.00596EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2017/08/31 10:29 p.m.15 views

CVE-2015-7711

Cross-site scripting XSS vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter...

6.1CVSS6.1AI score0.01644EPSS
Exploits3References4
Prion
Prion
added 2017/08/31 10:29 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter...

4.3CVSS6.1AI score0.01644EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2017/08/31 10:0 p.m.20 views

CVE-2015-7711

Cross-site scripting XSS vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter...

6.1AI score0.01644EPSS
Exploits3References4
Rows per page
Query Builder