CVE-2005-2044 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php (2) subject parameter to contact.php (3) cid parameter to content.php (4) l parameter to inbox/send_message.php the (5) search (6) words (7) include (8) find_in (9) display_as or (10) search parameter to search.php the (11) submit (12) query or (13) field parameter to tile.php the (14) us parameter to forum/subscribe_forum.php or the (15) roles[] (16) status (17) submit or (18) reset_filter parameters to directory.php.

Reference

http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html http://securitytracker.com/id?1014216 http://www.osvdb.org/17351 http://www.osvdb.org/17352 http://www.osvdb.org/17353 http://www.osvdb.org/17354 http://www.osvdb.org/17355 http://www.osvdb.org/17356 http://www.osvdb.org/17357 http://www.osvdb.org/17358 http://www.osvdb.org/17359 http://www.securityfocus.com/bid/13972