Vulnerabilities > Atutor > Atutor > 2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-17 | CVE-2020-23341 | Cross-site Scripting vulnerability in Atutor A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 4.3 |
| 2020-03-02 | CVE-2015-1583 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor 2.2 Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. | 6.8 |
| 2020-02-11 | CVE-2014-9753 | Improper Authentication vulnerability in Atutor confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | 7.5 |
| 2019-09-09 | CVE-2019-16114 | Incorrect Authorization vulnerability in Atutor In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. | 7.5 |
| 2019-05-17 | CVE-2019-12170 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. | 8.8 |
| 2019-04-22 | CVE-2019-11446 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor An issue was discovered in ATutor through 2.2.4. | 6.5 |
| 2019-01-29 | CVE-2019-7172 | Cross-site Scripting vulnerability in Atutor A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | 4.3 |
| 2017-10-10 | CVE-2015-6521 | Cross-site Scripting vulnerability in Atutor 2.2 Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | 3.5 |
| 2017-10-03 | CVE-2017-14981 | Cross-site Scripting vulnerability in Atutor Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. | 3.5 |
| 2017-08-31 | CVE-2015-7711 | Cross-site Scripting vulnerability in Atutor Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | 4.3 |