Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.

Remediation

References

CVE-2008-0828

Related Vulnerabilities

MySQL CVE-2015-2643 Vulnerability (CVE-2015-2643)

WebLogic Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-27568)

Oracle HTTP Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-25236)

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3536)

WordPress Plugin WP-Ban Security Bypass (1.63)

Severity

Medium

Classification

CVE-2008-0828 CWE-707

Tags

Missing Update Known Vulnerabilities