cbcvebase.
CVE-2006-3484
published 2006-07-10

CVE-2006-3484: Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1)…

PriorityP414low2.6CVSS 2.0
AVNACHAuNCNIPAN
EXPLOIT
EPSS
2.64%
83.7th percentile
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.

Affected

4 ranges
VendorProductVersion rangeFixed in
adaptive_technology_resource_centreatutor
adaptive_technology_resource_centreatutor
adaptive_technology_resource_centreatutor
adaptive_technology_resource_centreatutor
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.