CVE-2006-3484

ATutor <1.5.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.

Exploits (5)

exploitdb WRITEUP VERIFIED

by Security News · textwebappsphp

https://www.exploit-db.com/exploits/28178

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Security News · textwebappsphp

https://www.exploit-db.com/exploits/28176

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Security News · textwebappsphp

https://www.exploit-db.com/exploits/28179

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Security News · textwebappsphp

https://www.exploit-db.com/exploits/28177

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Security News · textwebappsphp

https://www.exploit-db.com/exploits/28180

View Code ZIP pw:eip

References (9)

Core 9

Core References

Exploit x_refsource_confirm

http://www.atutor.ca/view/3/8341/1.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2691

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/27021

Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20941

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/27020

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/27023

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/27022

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18857

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/27019

Scores

EPSS 0.0111

EPSS Percentile 78.2%

Details

Status published

Products (4)

adaptive_technology_resource_centre/atutor 1.5.1

adaptive_technology_resource_centre/atutor 1.5.1_pl1

adaptive_technology_resource_centre/atutor 1.5.1_pl2

adaptive_technology_resource_centre/atutor 1.5.3_rc2

Published Jul 10, 2006

Tracked Since Feb 18, 2026