Description
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.
Remediation
References
Related Vulnerabilities
WordPress Plugin Quick Contact Form Security Bypass (8.0.1)
WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)
WordPress Plugin AP Companion includes Backdoor [Only if downloaded via the vendor website] (1.0.6)
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-44308)
WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)