Cross-Site Scripting Vulnerabilities in ATutor Products by ATutor
CVE-2017-6483

6.1MEDIUM

Key Information:

Vendor

Atutor

Status
Atutor
Vendor
CVE Published:
5 March 2017

What is CVE-2017-6483?

Multiple Cross-Site Scripting (XSS) vulnerabilities were identified in ATutor 2.2.2, allowing attackers to exploit inadequately sanitized user inputs on specific pages. By manipulating the lang_code parameter in the language_edit.tmpl.php file of the admin system preferences, an attacker could inject arbitrary HTML and script code, posing a significant risk to users browsing the affected website.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/96578
vdb-entryx_refsource_BID
https://github.com/atutor/ATutor/issues/129
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.