Vulnerabilities > Atutor > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-07-22 CVE-2009-4941 Cross-Site Scripting vulnerability in Atutor Acollab 1.2
Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
network
atutor CWE-79
4.3
4.3
2008-07-30 CVE-2008-3368 Code Injection vulnerability in Atutor
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
network
low complexity
atutor CWE-94
6.5
6.5
2008-02-19 CVE-2008-0828 Cross-Site Scripting vulnerability in Atutor
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.
network
atutor CWE-79
4.3
4.3