Cross-Site Scripting Vulnerabilities in ATutor by ASecond Education
CVE-2012-6528

Currently unrated

Key Information:

Vendor

Atutor

Status
Atutor
Vendor
CVE Published:
31 January 2013

What is CVE-2012-6528?

Multiple cross-site scripting (XSS) vulnerabilities exist in ATutor before version 2.1, allowing remote attackers to inject arbitrary web scripts or HTML. This can be exploited via manipulated PATH_INFO for several PHP files, including themes/default/tile_search/index.tmpl.php, login.php, and search.php. Successful exploitation could lead to sessions hijacking or the injection of malicious scripts that affect user interactions on the platform, compromising the security and integrity of the web application.

References

http://www.securityfocus.com/bid/51423
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/72412
vdb-entryx_refsource_XF
http://archives.neohapsis.com/archives/bugtraq/2012-01/00...
mailing-listx_refsource_BUGTRAQ

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.