ATutor Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof of concept URIs are available:
http://www.example.com/ATutor/browse.php?cat=0&show_course=1[XSS-CODE]
http://www.example.com/ATutor/contact.php?subject=[XSS-CODE]
http://www.example.com/atutor/content.php?cid=323[XSS-CODE]
http://www.example.com/atutor/inbox/send_message.php?l=1[XSS-CODE]
http://www.example.com/atutor/search.php?search=10[XSS-CODE]&words=kk&include=all&find_in=this&display_as=pages&search=Search
http://www.example.com/ATutor/search.php?search=1&words=aa[XSS-CODE]&include=one&find_in=all&display_as=summaries&search=Search#search_results
http://www.example.com/ATutor/search.php?search=1&words=aa&include=one[XSS-CODE]&find_in=all&display_as=summaries&search=Search#search_results
http://www.example.com/ATutor/search.php?search=1&words=aa&include=one&find_in=all[XSS-CODE]&display_as=summaries&search=Search#search_results
http://www.example.com/ATutor/search.php?search=1&words=aa&include=one&find_in=all&display_as=[XSS-CODE]summaries&search=Search#search_results
http://www.example.com/ATutor/search.php?search=1&words=aa&include=one&find_in=all&display_as=summaries&search=[XSS-CODE]Search#search_results
http://www.example.com/ATutor/inbox/index.php?view=1[XSS-CODE]
http://www.example.com/ATutor/tile.php?query=yy&field=technicalFormat&submit=Search[XSS-CODE]
http://www.example.com/ATutor/tile.php?query=[XSS-CODE]&field=technicalFormat&submit=Search
http://www.example.com/ATutor/tile.php?query=yy&field=technicalFormat[XSS-CODE]&submit=Search
http://www.example.com/ATutor/forum/subscribe_forum.php?fid=2&us=1[XSS-CODE]
http://www.example.com/ATutor/directory.php?roles%5B%5D=[XSS-CODE]1&roles%5B%5D=2&roles%5B%5D=3&status=1&submit=Filter
http://www.example.com/ATutor/directory.php?roles%5B%5D=1&roles%5B%5D=[XSS-CODE]2&roles%5B%5D=3&status=1&submit=Filter
http://www.example.com/ATutor/directory.php?roles%5B%5D=1&roles%5B%5D=2&roles%5B%5D=3[XSS-CODE]&status=1&submit=Filter
http://www.example.com/ATutor/directory.php?roles%5B%5D=1&roles%5B%5D=2&roles%5B%5D=3&status=1[XSS-CODE]&submit=Filter
http://www.example.com/ATutor/directory.php?roles%5B%5D=1&roles%5B%5D=2&roles%5B%5D=3&status=1&submit=Filter[XSS-CODE]
http://www.example.com/ATutor/directory.php?roles%5B%5D=1&status=2&reset_filter=Reset+Filter[XSS-CODE]
http://www.example.com/ATutor/directory.php?roles[]=1[XSS-CODE]
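The parameters above are reflected without output encoding, so any request that carries HTML-significant characters in one of them is worth flagging in the web server's access log. The following detection script is an added example, not part of the advisory or of ATutor; the affected-parameter table is taken from the URIs listed above, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# ATutor scripts and the query parameters the advisory lists as reflected unsanitised.
# Paths are compared lowercased because the advisory mixes /ATutor/ and /atutor/.
AFFECTED = {
    "/atutor/browse.php": {"cat", "show_course"},
    "/atutor/contact.php": {"subject"},
    "/atutor/content.php": {"cid"},
    "/atutor/inbox/send_message.php": {"l"},
    "/atutor/inbox/index.php": {"view"},
    "/atutor/search.php": {"search", "words", "include", "find_in", "display_as"},
    "/atutor/tile.php": {"query", "field", "submit"},
    "/atutor/forum/subscribe_forum.php": {"fid", "us"},
    "/atutor/directory.php": {"roles[]", "status", "submit", "reset_filter"},
}

# Characters that break out of an HTML context when echoed unencoded.
MARKUP = re.compile(r"[<>'\"]|javascript:", re.IGNORECASE)

# Common Log Format: ip ident user [time] "method uri proto" status ...
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})')

# Constructed sample access log (not real traffic); the third and fourth lines are benign.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2010:12:00:01 +0000] "GET /ATutor/search.php?search=1&words=aa%3Cscript%3Ealert(1)%3C/script%3E&include=one HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Mar/2010:12:00:02 +0000] "GET /ATutor/directory.php?roles%5B%5D=1%22%3E%3Cb%3Ex%3C/b%3E&status=1 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Mar/2010:12:00:03 +0000] "GET /ATutor/search.php?search=1&words=linear+algebra&include=all HTTP/1.1" 200 4096',
    '198.51.100.7 - - [10/Mar/2010:12:00:04 +0000] "GET /ATutor/login.php?course=%3Cb%3E HTTP/1.1" 200 1024',
]

def suspicious_params(uri):
    """Return [(param, decoded_value)] for affected parameters whose value carries markup."""
    parts = urlsplit(uri)
    watched = AFFECTED.get(parts.path.lower())
    if not watched:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(value)  # parse_qsl decoded once; catch double-encoded payloads too
        if name in watched and MARKUP.search(decoded):
            hits.append((name, decoded))
    return hits

def scan_log(lines):
    """Scan access-log lines and return one finding per request hitting an affected parameter."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        hits = suspicious_params(m.group("uri"))
        if hits:
            findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "path": urlsplit(m.group("uri")).path.lower(), "params": hits})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['path']} {f['params']}")
```

Requests to scripts outside the affected set (the login.php line) are deliberately not flagged, so the output stays scoped to the advisory's endpoints.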

Copyright 2010, SecurityFocus