WEB APPLICATION VULNERABILITIES Standard & Premium

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2091)

Description

Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.

Remediation

References

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0306)

WordPress Plugin Z-URL Preview Cross-Site Scripting (1.6.2)

Joomla! Core 1.7.x SQL Injection (1.7.0 - 1.7.4)

WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.21)

Oracle JRE Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2013-4578)

Severity

Low

Classification

CVE-2014-2091 CWE-707

Tags

Missing Update Known Vulnerabilities