Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
References 7 Total
- securityfocus.com: 56100 vdb-entry
- archives.neohapsis.com: 20121017 Multiple vulnerabilities in AContent mailing-list
- http://update.atutor.ca/acontent/patch/1_2/
- exchange.xforce.ibmcloud.com: acontent-previewtop-xss(79463) vdb-entry
- osvdb.org: 86426 vdb-entry
- secunia.com: 51034 third-party-advisory
- https://www.htbridge.com/advisory/HTB23117
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- securityfocus.com: 56100 vdb-entryx_transferred
- archives.neohapsis.com: 20121017 Multiple vulnerabilities in AContent mailing-listx_transferred
- http://update.atutor.ca/acontent/patch/1_2/ x_transferred
- exchange.xforce.ibmcloud.com: acontent-previewtop-xss(79463) vdb-entryx_transferred
- osvdb.org: 86426 vdb-entryx_transferred
- secunia.com: 51034 third-party-advisoryx_transferred
- https://www.htbridge.com/advisory/HTB23117 x_transferred