Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2091

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-2091
Last Modified 13 Aug 2015 02:05:13
Published 02 Mar 2014 12:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-2091

Summary

Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.

Vulnerable Systems

Application

  • Atutor 2.1.1


References

MISC - http://packetstormsecurity.com/files/125348/ATutor-2.1.1-Cross-Site-Scripting.html

BID - 65744


Last Updated: 27 May 2016 10:56:46