WEB APPLICATION VULNERABILITIES Standard & Premium

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0828)

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.

Remediation

References

Related Vulnerabilities

MySQL CVE-2021-2170 Vulnerability (CVE-2021-2170)

MySQL CVE-2022-21288 Vulnerability (CVE-2022-21288)

Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0305)

WordPress Plugin NextGEN Gallery-WordPress Gallery SQL Injection (2.1.77)

WordPress Plugin Product Loops for WooCommerce-100+ Awesome styles and options for your WooCommerce products Security Bypass (1.6.1)

Severity

Medium

Classification

CVE-2008-0828 CWE-707

Tags

Missing Update Known Vulnerabilities