4 matches found
VulnCheck KEV: CVE-2023-27008
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2023-27008
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2023-27008
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
CVE-2023-27008
ATutor 2.2.1 is affected by CVE-2023-27008: a reflected XSS in login.tmpl.php (encrypt_password()) via the token parameter. Exploitation can inject script/HTML into pages viewed by users. Mitigation: upgrade to ATutor 2.2.2 or newer; consider restricting access to login.tmpl.php. No exploit detai...