CVE-2005-3403

Name of the Vulnerable Software and Affected Versions ATutor versions 1.4.1 through 1.5.1-pl1

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the base href parameter in translate.php, the base path parameter in news.inc.php, and the p parameter in add note.php.

Recommendations For ATutor versions 1.4.1 through 1.5.1-pl1, consider disabling access to the translate.php, news.inc.php, and add note.php files until a patch is available. Restrict the use of the base href, base path, and p parameters in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.