← back
CVE-2014-2091

CVE-2014-2091

EPSS 1.3%
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/125348/ATutor-2.1.1-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/39107unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/125348/ATutor-2.1.1-Cross-Site-Scripting.htmlhttp://www.securityfocus.com/bid/65744