WEB APPLICATION VULNERABILITIES Standard & Premium

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0828)

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.

Remediation

References

Related Vulnerabilities

WordPress Plugin Ajax Gallery 'list.php' SQL Injection (3.0)

Apache HTTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2001-0925)

Sqlite Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19925)

OpenVPN AS Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2020-11462)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-3918)

Severity

Medium

Classification

CVE-2008-0828 CWE-707

Tags

Missing Update Known Vulnerabilities