CVE-2012-5169

ATutor AContent <1.2-2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.

References (7)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html

[Vendor Advisory] http://secunia.com/advisories/51034

[Patch] http://update.atutor.ca/acontent/patch/1_2/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/56100

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/79463

[Exploit] https://www.htbridge.com/advisory/HTB23117

[Third Party Advisory, VDB Entry] http://osvdb.org/86426

Scores

EPSS 0.0050

EPSS Percentile 65.6%

Details

CWE

CWE-79

Status published

Products (3)

atutor/acontent < 1.2

atutor/acontent

n/a/n/a

Published Oct 22, 2012

Tracked Since Feb 18, 2026