CVE-2008-0828

Atutor < 1.5.5 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.

References (4)

[Vendor Advisory] http://secunia.com/advisories/29015

[Patch] http://www.securityfocus.com/bid/27855

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/488293/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/3670

Scores

EPSS 0.0029

EPSS Percentile 51.7%

Classification

CWE

CWE-79

Status draft

Affected Products (23)

atutor/atutor < 1.5.5

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

atutor/atutor

... and 8 more

Timeline

Published Feb 19, 2008

Tracked Since Feb 18, 2026