CVE-2010-0971

ATutor 1.6.4 - Authenticated Cross-Site Scripting in Polls, Groups, and Assignments


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0971. PoCs published by ITSecTeam.

AI-analyzed exploit summary: This is a writeup describing multiple XSS vulnerabilities in ATutor 1.6.4, detailing how an authenticated instructor can inject malicious scripts via polls, groups, or assignments. No actual exploit code is provided, only steps to reproduce.

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by ITSecTeam · text · webapps · php
https://www.exploit-db.com/exploits/11685

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: ATutor 1.6.4
Auth required
Prerequisites: Authenticated access as an instructor · Access to the manage section
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/62905
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38656
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11685
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38906
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/62904
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56852
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/62906

Scores

EPSS 0.0165
EPSS Percentile 73.5%

Details

CWE: CWE-79
Status: published
Products (1): atutor/atutor 1.6.4
Published: Mar 16, 2010
Tracked Since: Feb 18, 2026