VIR Vulnerability Intelligence Relay

CVE-2012-6528

medium
Published 2013-01-31 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.3

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-36565 webapps php verified
Stefan Schurtz ยท 2012-01-16

ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities

Source code queued for fetch โ€” refresh in a moment.

Application impact
VendorProductVersionsFixed
atutoratutor{"endIncluding":"2.0"}
atutoratutor1.0
atutoratutor1.2.1
atutoratutor1.2.2
atutoratutor1.3
atutoratutor1.3.1
atutoratutor1.3.2
atutoratutor1.3.3
atutoratutor1.4
atutoratutor1.4.1
atutoratutor1.4.2
atutoratutor1.4.3
atutoratutor1.5.1
atutoratutor1.5.2
atutoratutor1.5.3
atutoratutor1.5.3.1
atutoratutor1.5.3.2
atutoratutor1.5.4
atutoratutor1.5.5
atutoratutor1.6
atutoratutor1.6.1
atutoratutor1.6.4
atutoratutor2.0.1
atutoratutor2.0.2
atutoratutor2.0.3

References

CWEs

CWE-79

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.