Description
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Remediation
References
Related Vulnerabilities
ZenCart Other Vulnerability (CVE-2009-4323)
PHP Numeric Errors Vulnerability (CVE-2007-4657)
WordPress Plugin WP Js External Link Info Cross-Site Scripting (1.21)
OpenSSL Numeric Errors Vulnerability (CVE-2007-4995)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5321)