### [CVE-2017-14981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14981)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.

### POC

#### Reference
- https://github.com/atutor/ATutor/issues/135

#### Github
No PoCs found on GitHub currently.