ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-7172 - Vulnerability Database

ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-7172

Medium
Reference: CVE-2019-7172
Title: ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

A stored-self XSS exists in ATutor through v2.2.4 allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.