This issue has been fixed in ATutor 2.2.1-RC1.

Description: When viewing the chat history, chat messages are not properly HTML encoded, leading to persistent XSS. The calendar seems to be shown only to the user creating it, meaning the only way to exploit this issue would be to force-login the victim.

A user account is needed, but registration is open by default. Staying inside the existing JavaScript context:

Description: The event name of the calendar is vulnerable to persistent XSS. But until version 2.2.1, it was still possible to exploit this issue either by using the JavaScript context the input is echoed into (onClick), or by adding a new attribute: In ATutor 2.2.1-RC1, are encoded, preventing the proof of concept from working. This issue has been fixed in ATutor 2.2.1. When the victim views the message, or visits their inbox, the injected code will be executed.

Description: When creating a forum post, the Subject parameter is vulnerable to persistent XSS.

A user account is needed, but registration is open by default. For example, an attacker could send a private message to a victim. The input is not only echoed to the user themselves, but also in other places. The input is for example echoed when visiting This self-XSS may be exploited by force-logging in the victim. This issue has been fixed in ATutor 2.2.1-RC1.

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Description: When saving profile information, Details XSS 1: Reflected XSS - Calendar

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Description: The calendar_next parameter of the calendar is vulnerable to XSS. If the victim is an admin, a successful exploitation can lead to code execution via the theme uploader, and if the victim is an instructor, this can lead to code execution via a file upload vulnerability in the same version of Atutor.

3. The vulnerabilities can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection.
In version 2.2, it is vulnerable to multiple reflected and persistent XSS attacks. Partly in ATutor 2.2.1-RC1, complete in 2.2.1

Atutor is a learning management system (LMS) written in PHP. Security Advisory – Curesec Research Team