A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
Max CVSS
6.1
EPSS Score
0.10%
Published
2023-03-28
Updated
2023-04-03
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-08-17
Updated
2021-08-24
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-01-29
Updated
2019-01-29
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-10-03
Updated
2017-10-11
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-03-05
Updated
2017-03-08
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.
Max CVSS
6.1
EPSS Score
0.52%
Published
2017-08-31
Updated
2019-05-02
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-10-10
Updated
2017-10-27
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Max CVSS
3.5
EPSS Score
0.12%
Published
2014-03-02
Updated
2015-08-13
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.
Max CVSS
4.3
EPSS Score
0.65%
Published
2013-01-31
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
Max CVSS
4.3
EPSS Score
0.31%
Published
2012-10-22
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-09-17
Updated
2018-10-10
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.
Max CVSS
2.1
EPSS Score
0.52%
Published
2010-03-16
Updated
2017-08-17
Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-07-22
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-07-22
Updated
2017-08-17
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.
Max CVSS
4.3
EPSS Score
0.22%
Published
2008-02-19
Updated
2018-10-15
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!