Vulnerabilities > CVE-2005-2649 - Unspecified vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | ATutor 1.5.1 login.php course Parameter XSS. CVE-2005-2649. Webapps exploit for php platform |
id | EDB-ID:26170 |
last seen | 2016-02-03 |
modified | 2005-08-18 |
published | 2005-08-18 |
reporter | matrix_killer |
source | https://www.exploit-db.com/download/26170/ |
title | ATutor 1.5.1 login.php course Parameter XSS |
Nessus
NASL family | CGI abuses : XSS |
NASL id | ATUTOR_XSS.NASL |
description | The remote host is running ATutor, a CMS written in PHP. The remote version of this software is prone to cross-site scripting attacks due to its failure to sanitize user-supplied input. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19587 |
published | 2005-09-06 |
reporter | Copyright (C) 2005-2018 Josh Zlatin-Amishav |
source | https://www.tenable.com/plugins/nessus/19587 |
title | ATutor 1.5.1 Multiple Script XSS |
code |
|
References
- http://secunia.com/advisories/16496
- http://secunia.com/advisories/16496
- http://www.securityfocus.com/archive/1/408521
- http://www.securityfocus.com/archive/1/408521
- http://www.securityfocus.com/bid/14598
- http://www.securityfocus.com/bid/14598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21910
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21910