Description
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP fail2ban Security Bypass (4.0.2)
WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.7)
WordPress Plugin SiteGuard WP Information Disclosure (1.7.6)
WordPress Plugin HashBar-WordPress Notification Bar Cross-Site Scripting (1.3.5)
WordPress Plugin Taxonomy Images Multiple Unspecified Vulnerabilities (0.6)