Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Atutor 多个跨站脚本攻击漏洞
Vulnerability Description
ATutor 1.4.3和1.5 RC 1版本中存在多个跨站脚本攻击漏洞,远程攻击者可借助:(1)提交到browse.php脚本的show_course参数,(2)到contact.php脚本的subject参数,(3)到content.php脚本的cid参数,(4)到inbox/send_message.php脚本的l参数,(5)到search.php脚本的search参数,(6)words参数,(7)include参数,(8)find_in参数,(9)display_as参数,或(10)search参
CVSS Information
N/A
Vulnerability Type
N/A