Description
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.
Remediation
References
Related Vulnerabilities
OpenSSL Improper Input Validation Vulnerability (CVE-2008-5077)
PHP Other Vulnerability (CVE-2007-2727)
Oracle JRE CVE-2012-0507 Vulnerability (CVE-2012-0507)
WordPress Plugin AdRotate-Ad manager & AdSense Ads 'track' Parameter SQL Injection (3.6.5)
Oracle Database Server Cryptographic Issues Vulnerability (CVE-2006-0270)