Description
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.
Remediation
References
Related Vulnerabilities
Liferay Portal Incorrect Authorization Vulnerability (CVE-2024-25604)
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.7.0)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6335)
WordPress Plugin Google Forms Unspecified Vulnerability (0.93)
Liferay DXP Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-43793)