Vulnerabilities > Atutor > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-08 | CVE-2021-43498 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Atutor 2.2.4 An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. | 5.0 |
| 2021-08-17 | CVE-2020-23341 | Cross-site Scripting vulnerability in Atutor A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 4.3 |
| 2020-03-16 | CVE-2020-10557 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor Acontent An issue was discovered in AContent through 1.4. | 6.5 |
| 2020-03-02 | CVE-2015-1583 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor 2.2 Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. | 6.8 |
| 2019-04-22 | CVE-2019-11446 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor An issue was discovered in ATutor through 2.2.4. | 6.5 |
| 2019-01-29 | CVE-2019-7172 | Cross-site Scripting vulnerability in Atutor A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | 4.3 |
| 2017-08-31 | CVE-2015-7711 | Cross-site Scripting vulnerability in Atutor Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | 4.3 |
| 2017-07-22 | CVE-2016-10400 | Path Traversal vulnerability in Atutor Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. | 5.0 |
| 2017-03-05 | CVE-2017-6483 | Cross-site Scripting vulnerability in Atutor Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. | 4.3 |
| 2017-02-07 | CVE-2016-2539 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | 6.8 |