Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.

Remediation

References

CVE-2012-6528

Related Vulnerabilities

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.4.17)

MySQL CVE-2014-2435 Vulnerability (CVE-2014-2435)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.42)

WordPress Plugin The Plus Addons for Elementor Open Redirect (4.1.9)

WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)

Severity

Medium

Classification

CVE-2012-6528 CWE-707

Tags

Missing Update Known Vulnerabilities