Vulnerability Details CVE-2012-5169
Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html
- http://osvdb.org/86426
- http://secunia.com/advisories/51034
- http://update.atutor.ca/acontent/patch/1_2/
- http://www.securityfocus.com/bid/56100
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79463
- https://www.htbridge.com/advisory/HTB23117
- http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html
- http://osvdb.org/86426
- http://secunia.com/advisories/51034
- http://update.atutor.ca/acontent/patch/1_2/
- http://www.securityfocus.com/bid/56100
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79463
- https://www.htbridge.com/advisory/HTB23117