2 matches found
CVE-2021-25017
The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2021-25017
The CVE-2021-25017 entry concerns the Tutor LMS WordPress plugin, specifically versions before 1.9.12, where the search parameter is not escaped before being echoed back into an admin-page attribute, causing a Reflected Cross-Site Scripting (XSS) vulnerability. The affected component is the admin...