ATutor · CVE-2008-0828
**Name of the Vulnerable Software and Affected Versions**
ATutor versions 1.5.5 and earlier
**Description**
ATutor is vulnerable to cross-site scripting (XSS): remote attackers can inject arbitrary web script or HTML. The injection points are attributes such as `style` and `onmouseover` in forum posts or mail, and the `website` field of the user profile.
**Recommendations**
Update ATutor to a version later than 1.5.5 to resolve the issue. As a temporary workaround until a patch is available, restrict user input in the `website` field of the profile and limit the use of attributes like `style` and `onmouseover` in forum posts and mail.
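One way to apply the workaround at the application level, as an added example that is not ATutor's own code: the function names and the tag/attribute allowlist are hypothetical, and PHP's `dom` extension is assumed. It restricts the `website` field to absolute http(s) URLs, escapes it at output, and strips every attribute that is not allowlisted from post and mail bodies.

```php
<?php
// Added example: hypothetical helpers, not ATutor's own code.
// Constructed allowlist: tag => attributes kept. Anything not listed is
// dropped, which removes `style` and every on* handler such as `onmouseover`.
const ALLOWED = ['b' => [], 'i' => [], 'p' => [], 'br' => [], 'a' => ['href']];

// Profile `website` field and link targets: absolute http(s) URLs only.
function clean_url(string $url): string {
    $url = trim($url);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) return '';
    return filter_var($url, FILTER_VALIDATE_URL) === false ? '' : $url;
}

// Escape at output so the stored value can never add markup or attributes.
function render_website(string $url): string {
    $u = htmlspecialchars(clean_url($url), ENT_QUOTES, 'UTF-8');
    return $u === '' ? '' : "<a href=\"$u\" rel=\"nofollow\">$u</a>";
}

// Forum post / mail body: re-parse, keep only allowlisted tags and attributes.
function clean_post(string $html): string {
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate sloppy user markup
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ((new DOMXPath($doc))->query('.//*', $body) as $el) {
        if (!isset(ALLOWED[$el->nodeName])) {   // unknown tag: removed with its children
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            if (!in_array($attr->nodeName, ALLOWED[$el->nodeName], true)) {
                $el->removeAttribute($attr->nodeName);
            } elseif ($attr->nodeName === 'href') {
                $el->setAttribute('href', clean_url($attr->value));
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) $out .= $doc->saveHTML($child);
    return $out;
}

// Constructed sample input.
echo clean_post('<p style="color:red" onmouseover="alert(1)">hi <a href="http://example.org/">x</a></p>'), "\n";
echo render_website('javascript:void(0)'), "\n";
```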