CVE-2014-2091
ATutor 2.1.1 - Authenticated Stored Cross-Site Scripting via Forum Title Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-2091. PoCs published by HauntIT.
AI-analyzed exploit summary This exploit demonstrates multiple XSS and HTML injection vulnerabilities in ATutor during installation and admin configuration. It includes payloads for reflected and persistent XSS attacks.
Description
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
Exploits (1)
This exploit demonstrates multiple XSS and HTML injection vulnerabilities in ATutor during installation and admin configuration. It includes payloads for reflected and persistent XSS attacks.