CVE-2023-27008
Published: 2023-03-28
Priority P2 · 77 · medium · 6.1 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.50% (71.1st percentile)
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atutor | atutor | — | — |
Detection & IOCs (extracted from sources)
- url: `POST /atutor/login.php`
- path: `/atutor/login.php`
- command: `token=asdf");}alert(document.domain);+function+asdf()+{//`
- The XSS payload is delivered via the `token` POST body parameter to /atutor/login.php. Look for POST requests to this endpoint whose token field contains JavaScript injection patterns such as `alert(document.domain)` or `");}`.
- The response body reflects the unescaped payload; match for the string `);}alert(document.domain); function` alongside `ATutor` and `Login` in the HTTP 200 response body.
- Shodan/FOFA fingerprinting for exposed ATutor instances: search for `http.html:"Atutor"` or `http.html:"atutor"` (Shodan) and `body="atutor"` (FOFA).
- The vulnerable function is `encrypt_password()` in `login.tmpl.php`. Code review or file-integrity monitoring should target this file for unexpected modifications.
- The Content-Type of the exploit request is `application/x-www-form-urlencoded`; WAF rules should inspect URL-encoded POST bodies to /atutor/login.php for XSS payloads in the token parameter.
- The Nuclei template targets the path `/atutor/login.php`; installations not hosted under the `/atutor/` sub-path require the path to be adjusted for accurate detection.
- The template is verified for ATutor exactly at version 2.2.1; the CPE scope is `cpe:2.3:a:atutor:atutor:2.2.1`. Versions prior to 2.2.1 may also be vulnerable, but the template was not validated against them.
- Detection requires UI interaction (CVSS UI:R); the reflected payload only executes in a victim's browser context, so server-side log scanning alone may miss exploitation attempts that did not result in a victim click.
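The request-side and response-side indicators listed above, implemented as a small detector and run over a few constructed request/response records. This is an added example, not code from the page, the Nuclei template, or the ATutor project; the record format (a dict per request with method, path, content type, body, status and response body), the benign sample values and the way the reflected payload appears in the sample response are all assumptions made for the demonstration. The path match is loosened to any `/login.php` so the check also covers installations not hosted under `/atutor/`.

```python
"""Detection logic for CVE-2023-27008 (reflected XSS via the `token` POST
parameter of ATutor's login.php), run over constructed request/response
records. Added example; the record format and sample data are assumptions."""
import re
from urllib.parse import unquote_plus

# ATutor may be installed under a sub-path other than /atutor/, so only the
# script name is matched.
LOGIN_PATH_RE = re.compile(r"/login\.php$")

# Request-side indicators from the detection notes: script execution attempts
# and the `");}` sequence that closes the string/function context in which
# the token value is reflected.
TOKEN_XSS_PATTERNS = [
    re.compile(r"alert\s*\(", re.I),
    re.compile(r'"\)\s*;?\s*}'),
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
]

# Response-side indicator: the canonical payload echoed back unescaped.
REFLECTED_MARKER = ");}alert(document.domain); function"


def parse_form_body(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into {name: [values]}.
    Splits only on '&' so a ';' inside a value (as in the payload) is kept."""
    params: dict = {}
    for pair in body.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def token_is_suspicious(body: str) -> bool:
    """True if any `token` value in the body matches an XSS indicator."""
    for value in parse_form_body(body).get("token", []):
        if any(p.search(value) for p in TOKEN_XSS_PATTERNS):
            return True
    return False


def response_reflects_payload(status: int, response_body: str) -> bool:
    """True if a 200 login page echoes the canonical payload unescaped."""
    if status != 200:
        return False
    return (REFLECTED_MARKER in response_body
            and "ATutor" in response_body
            and "Login" in response_body)


def classify(record: dict) -> list:
    """Return the list of findings for one request/response record."""
    findings = []
    if (record.get("method") == "POST"
            and LOGIN_PATH_RE.search(record.get("path", ""))
            and record.get("content_type", "").startswith(
                "application/x-www-form-urlencoded")
            and token_is_suspicious(record.get("body", ""))):
        findings.append("request: XSS pattern in token parameter")
    if response_reflects_payload(record.get("status", 0),
                                 record.get("response_body", "")):
        findings.append("response: payload reflected unescaped")
    return findings


# Constructed sample records (not real traffic). The first reuses the payload
# quoted on the page; the `user` field and the reflected response body are
# invented for the example.
SAMPLE_RECORDS = [
    {"method": "POST", "path": "/atutor/login.php",
     "content_type": "application/x-www-form-urlencoded",
     "body": 'token=asdf");}alert(document.domain);+function+asdf()+{//&user=alice',
     "status": 200,
     "response_body": '<title>ATutor Login</title>'
                      '<script>var t = "asdf");}alert(document.domain); '
                      'function asdf() {//";</script>'},
    {"method": "POST", "path": "/atutor/login.php",
     "content_type": "application/x-www-form-urlencoded",
     "body": "token=5f1c9a2b&user=alice",
     "status": 200, "response_body": "<title>ATutor Login</title>"},
    {"method": "GET", "path": "/atutor/login.php", "content_type": "",
     "body": "", "status": 200, "response_body": "<title>ATutor Login</title>"},
]


def scan(records) -> dict:
    """Map record index -> findings, omitting records with no findings."""
    return {i: f for i, r in enumerate(records) if (f := classify(r))}


if __name__ == "__main__":
    for idx, found in scan(SAMPLE_RECORDS).items():
        print(f"record {idx}: " + "; ".join(found))
```

The body parser deliberately does not use `urllib.parse.parse_qs`, because older Python releases split that on `;` as well as `&`, which would cut the payload in half; splitting on `&` only keeps the whole token value for pattern matching. The response check is the stronger signal, since it confirms the application actually reflected the payload unescaped rather than merely receiving it.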
CVSS provenance
- NVD (v3.1): 6.1 MEDIUM, `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
- VulnCheck: 6.1 MEDIUM
GHSA
GHSA-8jh9-5v73-5hrf · ghsa_unreviewed · 2023-03-28 · CVE-2023-27008 [MEDIUM] · CWE-79
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
VulnCheck
CVE-2023-27008 [MEDIUM] · vulncheck · 2023 · CVSS 6.1
atutor atutor: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
Affected: atutor atutor
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://viz.greynoise.io/tags/atutor-cross-site-scripting-cve-2023-27008-xss-check
No detection rules found.
Nuclei
CVE-2023-27008 [MEDIUM] · nuclei · CVSS 6.1
ATutor < 2.2.1 - Cross Site Scripting
ATutor < 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATutor 2.2.1 via the token body parameter.
Template:
```yaml
id: CVE-2023-27008

info:
  name: ATutor < 2.2.1 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    ATutor < 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATutor 2.2.1 via token body parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Upgrade ATutor to version 2.2.2 or above to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/det
```
No writeups or analysis indexed.
Timeline
- 2023-03-28: Published
- Exploited in the wild