Cross-Site Scripting Vulnerability in ATutor by ATutor Inc.
CVE-2015-7711

6.1MEDIUM

Key Information:

Vendor

Atutor

Status
Atutor
Vendor
CVE Published:
31 August 2017

What is CVE-2015-7711?

The Cross-Site Scripting (XSS) vulnerability found in the popuphelp.php file of ATutor versions prior to 2.2 allows attackers to exploit the 'h' parameter. By injecting arbitrary web scripts or HTML, attackers can compromise the security of the application, potentially leading to unauthorized actions performed on behalf of users. This vulnerability opens avenues for a variety of attacks, including the theft of session cookies and other sensitive information from users accessing the affected product.

References

http://seclists.org/fulldisclosure/2015/Nov/12
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/134217/ATutor-2.2-Cr...
x_refsource_MISC
http://karmainsecurity.com/KIS-2015-07
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.