Title:ATutor 跨站脚本漏洞 (CVE-2023-27008) Description:A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
Description
ATutor < 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.
1. It is advised to access via the original source first.2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →