A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
References
Link | Resource |
---|---|
https://plantplants213607121.wordpress.com/2023/02/16/atutor-2-2-1-cross-site-scripting-via-the-token-body-parameter/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-03-28T00:00:00
Updated: 2023-03-28T00:00:00
Reserved: 2023-02-27T00:00:00
Link: CVE-2023-27008
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-03-28T15:15:06.973
Modified: 2023-04-03T17:24:45.877
Link: CVE-2023-27008
JSON object: View
Redhat Information
No data.
CWE