Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.

Remediation

References

CVE-2008-0828

Related Vulnerabilities

WordPress Plugin If>So Dynamic Content Unspecified Vulnerability (1.4.1)

WordPress Plugin Auto Amazon Links-Amazon Associates Affiliate Cross-Site Scripting (4.6.19)

Oracle Database Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10219)

Oracle JRE CVE-2013-3829 Vulnerability (CVE-2013-3829)

WordPress Plugin Custom Dashboard & Login Page-AGCA Multiple Unspecified Vulnerabilities (1.5.4.2)

Severity

Medium

Classification

CVE-2008-0828 CWE-707

Tags

Missing Update Known Vulnerabilities