ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability
• Software Link:
• Affected Versions:
Version 2.2 and prior versions.
• Vulnerability Description:
The vulnerable code is located in the /popuphelp.php script:
26  if ($_GET['h']) {
27      $h = $_GET['h'];
28
29      if (is_string($_GET['h'])) { // just a AT_HELP code with no prefix
30          $msg->printHelps($h);
User input passed through the “h” GET parameter is not properly sanitized before being passed to the Message::printHelps() method at line 30. This can be exploited to carry out Reflected Cross-Site Scripting (XSS) attacks.
• Solution:
No official solution is currently available.
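Until an official fix exists, one way to close this path is to allowlist the “h” value before it reaches Message::printHelps() and to HTML-encode anything echoed back. The following is an added example, not ATutor code and not the fix suggestions sent to the vendor; sanitize_help_code(), html_escape(), the 64-character limit and the assumed code format (letters, digits, underscores) are hypothetical.

```php
<?php
// Added example: hypothetical hardening for the "h" parameter of popuphelp.php.
// ASSUMPTION: a help code contains only letters, digits and underscores.

// Return the help code if it matches the assumed format, otherwise null.
function sanitize_help_code($raw)
{
    // Array input (?h[]=x) and other non-strings are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // Allowlist of 1-64 characters; \A and \z anchor the whole string,
    // so a trailing newline does not slip through as it would with "$".
    if (preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Defence in depth: encode for an HTML context at the point of output.
function html_escape($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// How the check would sit in front of the call shown in the advisory:
//   $h = sanitize_help_code(isset($_GET['h']) ? $_GET['h'] : null);
//   if ($h !== null) { $msg->printHelps($h); }

// Constructed sample inputs, not taken from the advisory.
$samples = array(
    'AT_HELP_DEMO',          // well-formed under the assumed format
    '"><b>markup</b>',       // HTML metacharacters
    "AT_HELP_DEMO\n",        // trailing newline
    array('nested'),         // array-typed parameter
);

foreach ($samples as $raw) {
    $code  = sanitize_help_code($raw);
    // json_encode() only makes control characters visible in the console.
    $shown = is_string($raw) ? json_encode(html_escape($raw)) : '(non-string)';
    printf("%-48s %s\n", $shown, $code === null ? 'rejected' : 'accepted');
}
```

Only the first sample is accepted; the other three are rejected before any output is generated, and the escaped form printed beside each shows what a browser would receive if the value were echoed.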
• Disclosure Timeline:
[06/10/2014] – Vendor notified
[09/10/2014] – Vendor response stating this issue has been added to the bug tracker and it is relatively minor
[11/11/2014] – Vendor replied asking for fix suggestions
[11/11/2014] – Fix suggestions have been provided to the vendor
[30/09/2015] – CVE number requested
[05/10/2015] – CVE number assigned
[06/10/2015] – After one year still no official solution available
[04/11/2015] – Public disclosure
• CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2015-7711 to this vulnerability.
• Credits:
Vulnerability discovered by Egidio Romano.