Vendor: ATutor
By: ItSecTeam
CVSS: 8.8 (HIGH)
CWE: 79 (Cross Site Scripting)
Product Name: ATutor
Affected Version From: 1.6.4
Affected Version To: 1.6.4
Patch Exists: Yes
Related CWE: N/A
CPE: a:atutor:atutor:1.6.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

ATutor 1.6.4

The bugs can be exploited by logging in as an instructor and going to the manage section to add a poll and inject XSS code as a question or choice, create a new group and inject XSS code as title or group type, or add an assignment with XSS code as title.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
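
The sketch below is an added example, not code from the advisory or from ATutor. It renders the poll question and choices named above, once unescaped and once with output encoding, to show that the stored value becomes inert in both element and attribute context. The function names, the array layout and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Encode a stored value for HTML element content and quoted attributes.
// ENT_QUOTES matters: without it a single quote could still end an attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical poll renderer (not ATutor code). $encode is applied to every
// instructor-supplied field; passing an identity function reproduces the
// unescaped rendering that makes the stored value execute in viewers' browsers.
function render_poll(array $poll, callable $encode): string
{
    $html = '<fieldset><legend>' . $encode($poll['question']) . "</legend>\n";
    foreach (array_values($poll['choices']) as $i => $choice) {
        $id = 'choice' . $i;
        $html .= '<input type="radio" name="poll" id="' . $id
               . '" value="' . $encode($choice) . '">'
               . '<label for="' . $id . '">' . $encode($choice) . "</label>\n";
    }
    return $html . "</fieldset>\n";
}

// Constructed sample data: one value for element context, one for attribute context.
$poll = [
    'question' => '<script>alert(1)</script>',
    'choices'  => ['Yes', '" onfocus="alert(1)'],
];

$raw  = render_poll($poll, fn(string $v): string => $v);
$safe = render_poll($poll, 'h');

// The raw rendering carries live markup; the encoded one must not.
foreach (['<script>', '" onfocus="'] as $needle) {
    if (strpos($raw, $needle) === false || strpos($safe, $needle) !== false) {
        throw new RuntimeException("unexpected result for: $needle");
    }
}
echo $safe;
```

The same encoding applies wherever the group title, group type and assignment title are written into a page.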

Exploit-DB raw data:

Topic : ATutor 1.6.4
Bugs Type : Cross Site Scripting (all of them)
Credit : ItSecTeam
Remote : Yes
Status : Bug

# mail : Bug@ItSecTeam.com
# Dork : "ATutor 1.6.4"
#Special Tnx : am!rkh@n, Amin Shokohi(Pejvak), C0M0D0, 0xd41684c654, r3dmove And All It Security Team Members
#Website : WwW.ITSecTeam.com

########################## Exploit #############################
The bugs can be exploited as below:

#1: After logging in as an instructor go to manage section and add a poll and inject your XSS code as a question or choices.
#2: After logging in as an instructor go to manage section and Create a new Group and inject your XSS code as title or group type.
#3: After logging in as an instructor go to manage section and Add an Assignment with XSS code as title.