First published: Sun Mar 02 2014(Updated: )
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Atutor Atutor | =2.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.