Network Security News – Tuesday, June 21, 2005 Events
ATutor subscribe_forum.php us Variable XSS
ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'us' variable upon submission to the subscribe_forum.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17358
ATutor tile.php Mutliple Variable XSS
ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'submit', 'query' or 'field' variables upon submission to the tile.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17357
ATutor inbox/index.php view Variable XSS
ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'view' variable upon submission to the inbox/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17356
ATutor send_message.php l Variable XSS
ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'l' variable upon submission to the send_message.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17354
ATutor search.php Multiple Variable XSS
ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17355
ATutor contact.php subject Variable XSS
ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the subject variable upon submission to the contact.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17352
ATutor browse.php show_course Variable XSS
ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the show_course variable upon submission to the browse.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17351
ATutor content.php cid Variable XSS
ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the cid variable upon submission to the content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17353