CVE-2010-0971

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/62904
http://osvdb.org/62905
http://osvdb.org/62906
http://packetstormsecurity.org/1003-exploits/atutor-xss.txt
http://secunia.com/advisories/38906
http://www.exploit-db.com/exploits/11685
http://www.securityfocus.com/bid/38656
https://exchange.xforce.ibmcloud.com/vulnerabilities/56852

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

16-03-2010 - 19:00