CVE-2010-0971

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.

Published: Mar 16, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0971
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
atutor / atutor	1.6.4	1.6.4.x

http://osvdb.org/62904
http://osvdb.org/62905
http://osvdb.org/62906
http://packetstormsecurity.org/1003-exploits/atutor-xss.txt
http://secunia.com/advisories/38906
http://www.exploit-db.com/exploits/11685
http://www.securityfocus.com/bid/38656
https://exchange.xforce.ibmcloud.com/vulnerabilities/56852

Vulnerability Database

289,871

CVE-2010-0971