CVE-2017-14981

Name of the Vulnerable Software and Affected Versions ATutor versions prior to 2.2.3

Description A Cross-Site Scripting (XSS) issue was found due to insufficient filtration of data, specifically in the url variable in the /mods/ standard/rss feeds/edit feed.php endpoint. This allows an attacker to inject arbitrary HTML and script code into a browser in the context of the vulnerable website.

Recommendations For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /mods/ standard/rss feeds/edit feed.php endpoint until the update is applied.