2 matches found
CVE-2017-14981
Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...
CVE-2017-14981
ATutor before 2.2.3 contains a cross-site scripting (XSS) vulnerability due to insufficient filtering of data in the URL parameter used by /mods/_standard/rss_feeds/edit_feed.php. An attacker could inject arbitrary HTML/JavaScript that runs in the context of the affected site. The available docum...