Plant Plants

**Name of the Vulnerable Software and Affected Versions** ATutor version 2.2.1 **Description** A Cross-site scripting (XSS) issue exists in the `encrypt password()` function in `login.tmpl.php`, allowing remote attackers to inject arbitrary web script or HTML via the `token` parameter. **Recommendations** For ATutor version 2.2.1, consider disabling the `encrypt password()` function until a patch is available to prevent exploitation. Restrict access to the `login.tmpl.php` file to minimize the risk of XSS attacks. Avoid using the `token` parameter in the affected login endpoint until the issue is resolved.