CVE-2010-0971
CVE-2010-0971
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.org/1003-exploits/atutor-xss.txtnão verificadocve_referencewww.exploit-db.com/exploits/11685não verificadoexploitdbwww.exploit-db.com/exploits/11685não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://osvdb.org/62904http://osvdb.org/62905http://osvdb.org/62906http://packetstormsecurity.org/1003-exploits/atutor-xss.txthttp://secunia.com/advisories/38906https://exchange.xforce.ibmcloud.com/vulnerabilities/56852http://www.exploit-db.com/exploits/11685http://www.securityfocus.com/bid/38656