Description

Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.

Remediation

References

CVE-2015-7711

Related Vulnerabilities

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2015-9253)

Apache Traffic Server Resource Management Errors Vulnerability (CVE-2016-5396)

WordPress Plugin PhotoXhibit Multiple Cross-Site Scripting Vulnerabilities (2.1.8)

WordPress Plugin Top 10-Popular posts for WordPress Multiple Vulnerabilities (3.2.3)

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Cross-Site Scripting (6.1)

Severity

Medium

Classification

CVE-2015-7711 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities