Cross-Site Scripting Vulnerabilities in ATutor AContent by ATutor
CVE-2012-5169

Currently unrated

Key Information:

Vendor: Atutor
Status: Acontent
Vendor: CVE Published:; 22 October 2012

What is CVE-2012-5169?

Multiple cross-site scripting (XSS) vulnerabilities exist in the AContent application, specifically within the 'file_manager/preview_top.php' script. These vulnerabilities can be exploited by remote attackers who can inject arbitrary web scripts or HTML through specific parameters, including 'pathext', 'popup', 'framed', or 'file'. The exploitation of these vulnerabilities poses significant risks to the security of the application and its users by allowing unauthorized access and manipulation of web content.

References

http://www.securityfocus.com/bid/56100

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2012-10/00...

mailing-listx_refsource_BUGTRAQ

http://update.atutor.ca/acontent/patch/1_2/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2012
Vulnerability Reserved
Sep 26, 2012

Atutor

What is CVE-2012-5169?

References

Timeline