Pawel Zdunek

#22213of 53,633
10.2Total CVSS
Vulnerabilities · 2
Medium
2
PT-2026-39590
5.1
2026-05-11
Atutor · Atutor · CVE-2026-6909
**Name of the Vulnerable Software and Affected Versions** ATutor version 2.2.4 **Description** A Reflected Cross-Site Scripting (XSS) issue exists in the '/install/upgrade.php' endpoint. This allows an attacker to execute arbitrary JavaScript in a victim's browser by providing a specially crafted URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-39591
5.1
2026-05-11
Atutor · Atutor · CVE-2026-6956
**Name of the Vulnerable Software and Affected Versions** ATutor version 2.2.4 **Description** A reflected Cross-Site Scripting (XSS) issue exists in the '/install/install.php' endpoint. This allows an attacker to execute arbitrary JavaScript in a victim's browser by providing a specially crafted URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.