Description
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users with Instructor privileges to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third-party information.
Remediation
References