PT-2017-17100 · Atutorspaces · Atutor

Published: 2017-03-05 · Updated: 2017-03-08 · CVE-2017-6483

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ATutor version 2.2.2

Description

Multiple Cross-Site Scripting issues were discovered due to insufficient filtration of user-supplied data. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The issue is related to the lang_code variable in the language_edit.tmpl.php file.

Recommendations

For ATutor version 2.2.2, ensure proper filtration of user-supplied data, especially for the lang_code variable in the language_edit.tmpl.php file, to prevent arbitrary HTML and script code execution. As a temporary workaround, consider restricting access to the language_edit.tmpl.php page until a proper fix is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-6483

Affected Products

Atutor