CVE-2010-0971 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users with Instructor privileges to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php the (3) Type and (4) Title fields in tools/groups/create_manual.php and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/62904 http://osvdb.org/62905 http://osvdb.org/62906 http://packetstormsecurity.org/1003-exploits/atutor-xss.txt http://secunia.com/advisories/38906 http://www.exploit-db.com/exploits/11685 http://www.securityfocus.com/bid/38656 https://exchange.xforce.ibmcloud.com/vulnerabilities/56852