|
|
CVE Reference: CVE-2005-2044 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-2044 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php. |
|
|
CVE Status: Candidate |
|
|
References: ST 1014216 OSVDB 17357 17358 17359 17356 17355 17354 17353 17351 17352 MISC http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html BID 13972 |
|
| Return to the previous page. |
