2 matches found
CVE-2021-24873 Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting
The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24873
The CVE-2021-24873 entry relates to the Tutor LMS WordPress plugin (before 1.9.11) and a Reflected Cross-Site Scripting issue on the Student Registration page caused by insufficient sanitisation/escaping of user input in output attributes. Affected component: Tutor LMS plugin for WordPress; root ...