CVE-2023-27008
Description
A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
References
ExploitThird Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics