ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-7172 - Vulnerability Database

ATutor

ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-7172

Medium

Reference: CVE-2019-7172

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7172

Title: ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

A stored-self XSS exists in ATutor through v2.2.4 allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.