Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-6528. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary This exploit demonstrates multiple reflected XSS vulnerabilities in ATutor 2.0.3 by injecting arbitrary JavaScript code via unsanitized input in various URLs. The PoC uses simple alert payloads to confirm vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.
Exploits (1)
This exploit demonstrates multiple reflected XSS vulnerabilities in ATutor 2.0.3 by injecting arbitrary JavaScript code via unsanitized input in various URLs. The PoC uses simple alert payloads to confirm vulnerability.