A Cross-site scripting (XSS) vulnerability in the...
Moderate severity
Unreviewed
Published
Mar 28, 2023
to the GitHub Advisory Database
•
Updated Apr 11, 2023
Description
Published by the National Vulnerability Database
Mar 28, 2023
Published to the GitHub Advisory Database
Mar 28, 2023
Last updated
Apr 11, 2023
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
References