Description
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Improper Initialization Vulnerability (CVE-2022-22719)
WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure (1.2.1)
WordPress Plugin Search Everything SQL Injection (8.1.5)
Moodle CVE-2021-40695 Vulnerability (CVE-2021-40695)
WordPress Plugin Wordpress Countdown Widget Cross-Site Scripting (3.1.9.2)