Unrated severityNVD Advisory· Published Feb 19, 2008· Updated Apr 23, 2026

CVE-2008-0828

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.

Affected products

Atutor/Atutor23 versions
cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*range: <=1.5.5
- cpe:2.3:a:atutor:atutor:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.1:pl1:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.1:pl2:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:atutor:atutor:1.5.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/27855nvdPatch
secunia.com/advisories/29015nvdVendor Advisory
securityreason.com/securityalert/3670nvd
www.securityfocus.com/archive/1/488293/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000