Description

A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Remediation

References

CVE-2020-23341

Related Vulnerabilities

WordPress Plugin Showbiz Pro Responsive Teaser Arbitrary File Upload (1.7.1)

WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)

WordPress Plugin ECPay Logistics for WooCommerce Cross-Site Scripting (1.2.181030)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Cross-Site Request Forgery (2.10)

Oracle JRE CVE-2013-5852 Vulnerability (CVE-2013-5852)

Severity

Medium

Classification

CVE-2020-23341 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities