Cross-Site Scripting Vulnerabilities in ATutor Products by ATutor
CVE-2017-6483

6.1MEDIUM

Key Information:

Vendor: Atutor
Status: Atutor
Vendor: CVE Published:; 5 March 2017

What is CVE-2017-6483?

Multiple Cross-Site Scripting (XSS) vulnerabilities were identified in ATutor 2.2.2, allowing attackers to exploit inadequately sanitized user inputs on specific pages. By manipulating the lang_code parameter in the language_edit.tmpl.php file of the admin system preferences, an attacker could inject arbitrary HTML and script code, posing a significant risk to users browsing the affected website.

References

http://www.securityfocus.com/bid/96578

vdb-entryx_refsource_BID

https://github.com/atutor/ATutor/issues/129

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2017
Vulnerability Reserved
Mar 5, 2017

Atutor

What is CVE-2017-6483?

References

CVSS V3.1

Timeline