4 matches found
EUVD-2022-41831
Malicious code in bioql PyPI...
CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the 1 Question and 2 Choice fields in tools/polls/add.php, the 3 Type and 4 Title fields in tools/groups/createmanual.php, and...
CVE-2010-0971
CVE-2010-0971 concerns multiple XSS flaws in ATutor 1.6.4. The affected components are the polls, groups, and assignments modules: injecting scripts via (1) Question and (2) Choice in tools/polls/add.php, (3) Type and (4) Title in tools/groups/create_manual.php, and (5) Title in assignments/add_a...