Vulnerabilities > CVE-2005-2044 - Cross-Site Scripting vulnerability in ATutor
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description ATutor 1.4.3 inbox/index.php view Parameter XSS. CVE-2005-2044. Webapps exploit for php platform id EDB-ID:25831 last seen 2016-02-03 modified 2005-06-16 published 2005-06-16 reporter Lostmon source https://www.exploit-db.com/download/25831/ title ATutor 1.4.3 inbox/index.php view Parameter XSS description ATutor 1.4.3 directory.php Multiple Parameter XSS. CVE-2005-2044. Webapps exploit for php platform id EDB-ID:25834 last seen 2016-02-03 modified 2005-06-16 published 2005-06-16 reporter Lostmon source https://www.exploit-db.com/download/25834/ title ATutor 1.4.3 - directory.php Multiple Parameter XSS description ATutor 1.4.3 tile.php Multiple Parameter XSS. CVE-2005-2044. Webapps exploit for php platform id EDB-ID:25832 last seen 2016-02-03 modified 2005-06-16 published 2005-06-16 reporter Lostmon source https://www.exploit-db.com/download/25832/ title ATutor 1.4.3 tile.php Multiple Parameter XSS description ATutor 1.4.3 content.php cid Parameter XSS. CVE-2005-2044 . Webapps exploit for php platform id EDB-ID:25828 last seen 2016-02-03 modified 2005-06-16 published 2005-06-16 reporter Lostmon source https://www.exploit-db.com/download/25828/ title ATutor 1.4.3 content.php cid Parameter XSS description ATutor 1.4.3 contact.php subject Parameter XSS. CVE-2005-2044. Webapps exploit for php platform id EDB-ID:25827 last seen 2016-02-03 modified 2005-06-16 published 2005-06-16 reporter Lostmon source https://www.exploit-db.com/download/25827/ title ATutor 1.4.3 contact.php subject Parameter XSS description ATutor 1.4.3 send_message.php l Parameter XSS. CVE-2005-2044. Webapps exploit for php platform id EDB-ID:25829 last seen 2016-02-03 modified 2005-06-16 published 2005-06-16 reporter Lostmon source https://www.exploit-db.com/download/25829/ title ATutor 1.4.3 send_message.php l Parameter XSS
References
- http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html
- http://securitytracker.com/id?1014216
- http://www.osvdb.org/17351
- http://www.osvdb.org/17352
- http://www.osvdb.org/17353
- http://www.osvdb.org/17354
- http://www.osvdb.org/17355
- http://www.osvdb.org/17356
- http://www.osvdb.org/17357
- http://www.osvdb.org/17358
- http://www.osvdb.org/17359
- http://www.securityfocus.com/bid/13972