WEB APPLICATION VULNERABILITIES Standard & Premium

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6483)

Description

Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Remediation

References

Related Vulnerabilities

Apache version older than 1.3.34

WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)

WordPress Plugin WordPress File Upload Arbitrary File Upload (3.4.0)

WordPress Plugin Cart All In One For WooCommerce Cross-Site Request Forgery (1.1.10)

Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-38745)

Severity

Medium

Classification

CVE-2017-6483 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities