CVE-2014-2091

Name of the Vulnerable Software and Affected Versions ATutor version 2.1.1

Description A cross-site scripting (XSS) issue allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an 'add forum' action. This occurs in the mods/ standard/forums/admin/forum add.php file.

Recommendations For ATutor version 2.1.1, avoid using the title parameter in the 'add forum' action until the issue is resolved. As a temporary workaround, consider restricting access to the mods/ standard/forums/admin/forum add.php file to minimize the risk of exploitation.