Description

Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Remediation

References

CVE-2017-6483

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-9547)

Internet Information Services Other Vulnerability (CVE-2000-0457)

WordPress Plugin Custom Searchable Data Entry System Security Bypass (1.7.1)

Joomla Other Vulnerability (CVE-2013-1453)

Dotclear Other Vulnerability (CVE-2014-3782)

Severity

Medium

Classification

CVE-2017-6483 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities