Description
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Remediation
References
Related Vulnerabilities
ownCloud Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-35947)
Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.7.6)
Royal PrettyPhoto Cross-Site Scripting (1.2)
Joomla CVE-2012-5827 Vulnerability (CVE-2012-5827)
MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-24734)