Description

A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Remediation

References

CVE-2020-23341

Related Vulnerabilities

WordPress Plugin File Manager Advanced Shortcode Arbitrary File Upload (2.5.3)

WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)

WordPress Plugin WooCommerce Unspecified Vulnerability (3.5.3)

IBM WebSEAL Improper Authentication Vulnerability (CVE-2018-1443)

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2015-7873)

Severity

Medium

Classification

CVE-2020-23341 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities