WEB APPLICATION VULNERABILITIES Standard & Premium

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14981)

Description

Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.

Remediation

References

Related Vulnerabilities

WordPress Plugin Quick Contact Form Security Bypass (8.0.1)

WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)

WordPress Plugin AP Companion includes Backdoor [Only if downloaded via the vendor website] (1.0.6)

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-44308)

WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)

Severity

Medium

Classification

CVE-2017-14981 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities