|Date: (C)2017-10-04 (M)2017-10-12|| |
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.
|CVSS Score: 3.5||Access Vector: NETWORK|
|Exploit Score: 6.8||Access Complexity: MEDIUM|
|Impact Score: 2.9||Authentication: SINGLE_INSTANCE|
| ||Confidentiality: NONE|
| ||Integrity: PARTIAL|
| ||Availability: NONE|