CVE-2021-24873

CVE-2021-24873: Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting

Vendor Unknown

Product Tutor LMS – eLearning and online course solution

Weakness CWE-79 · XSS

Published November 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

November 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24873 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-1269 Fast Flow < 1.2.12 - Reflected Cross-Site Scripting CVE-2024-1806 ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode CVE-2026-28771 Reflected XSS In /index.cgi Endpoint On IDC Satellite Receiver Web Management Interface Version 101 CVE-2022-50587 Nagios XI < 5.8.9 Stored XSS via Command Names in Apply Config Error Text CVE-2024-5787 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget