{"id":"CVE-2017-14981","details":"Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.","modified":"2026-02-28T04:51:28.270701Z","published":"2017-10-03T01:29:02.763Z","references":[{"type":"ADVISORY","url":"https://github.com/atutor/ATutor/commit/9292360c8b3898d0990983269f110cef21729090"},{"type":"ADVISORY","url":"https://github.com/atutor/ATutor/issues/135"},{"type":"EVIDENCE","url":"https://github.com/atutor/ATutor/issues/135"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/atutor/atutor","events":[{"introduced":"0"},{"fixed":"9292360c8b3898d0990983269f110cef21729090"}]}],"versions":["atutor_1_4_2","atutor_1_5","atutor_1_5_1","atutor_1_5_2","atutor_1_5_3","atutor_1_5_3_1","atutor_1_5_3_2","atutor_1_5_3_3","atutor_1_5_5","atutor_2_1","atutor_2_1_1","atutor_2_2","atutor_2_2_1","atutor_2_2_2","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14981.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}