532 matches found
Cross site scripting
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...
CVE-2019-7172
ATutor up to version 2.2.4 contains a stored-self XSS vulnerability in the vulnerable Real Name field accessed via /mods/_core/users/admins/my_edit.php. The issue allows an attacker to inject HTML/JavaScript into user names, with the effect described as a stored XSS, but the provided documents do...
CVE-2017-1000002
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/atutorfilemanagertraversal.rb...
ATutor cross-site scripting vulnerability (CNVD-2017-32279)
ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site scripting vulnerability exists in versions prior to Atutor 2.2.3, which stems from the progr...
ATutor LMS Cross-Site Scripting Vulnerability
ATutor LMS is an open source web-based learning management system LCMS. The system provides course settings, textbook package downloads, multiple reading options, and other features. A cross-site scripting vulnerability exists in ATutor LMS version 2.2. A remote attacker can exploit this...
CVE-2015-6521
Multiple cross-site scripting XSS vulnerabilities in ATutor LMS version 2.2...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ATutor LMS version 2.2...
CVE-2015-6521
ATutor LMS version 2.2 is affected by multiple cross-site scripting (XSS) vulnerabilities. The CNVD entry states a cross-site scripting flaw exists in ATutor LMS 2.2, allowing a remote attacker to inject arbitrary web script or HTML. The NVD entry corroborates XSS in ATutor LMS 2.2 with CVSS v3 b...
CVE-2015-6521
Multiple cross-site scripting XSS vulnerabilities in ATutor LMS version 2.2...
CVE-2017-14981
Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...
CVE-2017-14981
Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...
Cross site scripting
Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...
CVE-2017-14981
Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...
CVE-2017-14981
ATutor before 2.2.3 contains a cross-site scripting (XSS) vulnerability due to insufficient filtering of data in the URL parameter used by /mods/_standard/rss_feeds/edit_feed.php. An attacker could inject arbitrary HTML/JavaScript that runs in the context of the affected site. The available docum...
CVE-2015-7711
Cross-site scripting XSS vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter...
CVE-2015-7711
Cross-site scripting XSS vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter...