Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3821

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-3821
Last Modified 05 Sep 2008 05:08:09
Published 25 Jul 2006 09:22:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3821

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.

Vulnerable Systems

Application

  • Adaptive Technology Resource Centre Atutor 1.4.1

  • Adaptive Technology Resource Centre Atutor 1.4.2

  • Adaptive Technology Resource Centre Atutor 1.4.3

  • Adaptive Technology Resource Centre Atutor 1.5 Rc 1

  • Adaptive Technology Resource Centre Atutor 1.5.1

  • Adaptive Technology Resource Centre Atutor 1.5.1 Pl1

  • Adaptive Technology Resource Centre Atutor 1.5.1 Pl2

  • Adaptive Technology Resource Centre Atutor 1.5.3


References

BUGTRAQ - 20060711 Re: ATutor 1.5.3 Cross Site Scripting

BUGTRAQ - 20060708 ATutor 1.5.3 Cross Site Scripting

XF - atutor-registration-xss(27619)

OSVDB - 28187

OSVDB - 28186

SECUNIA - 21008


Last Updated: 27 May 2016 10:43:08