Cross-site Scripting (XSS) Vulnerabilities in ATutor
Advisory ID: | HTB22599 |
Product: | ATutor |
Vendor: | Inclusive Design Institute |
Vulnerable Versions: | 1.0 and probably prior |
Tested Version: | 1.0 |
Advisory Publication: | September 1, 2010 [without technical details] |
Vendor Notification: | September 1, 2010 |
Public Disclosure: | September 15, 2010 |
Latest Update: | September 9, 2010 |
Vulnerability Type: | Cross-Site Scripting [CWE-79] |
Risk Level: | Low |
CVSSv2 Base Score: | 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) |
Solution Status: | Fixed by Vendor |
Discovered and Provided: | High-Tech Bridge Security Research Lab |
Advisory Details: | |
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ATutor which could be exploited to perform cross-site scripting attacks. | |
Solution: | |
Install patch 07 to fix the problem. | |
References: | |
[1] High-Tech Bridge Advisory HTB22599 - https://www.immuniweb.com/advisory/HTB22599 - Cross-site Scripting (XSS) Vulnerabilities in ATutor [2] ATutor - atutor.ca - ATutor is a free Open Source Web-based eLearning environment designed with accessibility and adaptability in mind. [3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. | |
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.