CVE-2012-5169

Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.

🔗 References (14)

• cve@mitrehttp://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html
• cve@mitrehttp://osvdb.org/86426
• cve@mitrehttp://secunia.com/advisories/51034
• cve@mitrehttp://update.atutor.ca/acontent/patch/1_2/
• cve@mitrehttp://www.securityfocus.com/bid/56100
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/79463
• cve@mitrehttps://www.htbridge.com/advisory/HTB23117
• af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/86426
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51034
• af854a3a-2127-422b-91ae-364da2661108http://update.atutor.ca/acontent/patch/1_2/
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56100
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/79463
• af854a3a-2127-422b-91ae-364da2661108https://www.htbridge.com/advisory/HTB23117