AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2010-0971: Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor pr

infovulnerability

security

Source: NVD/CVE DatabaseMarch 16, 2010CVE-2010-0971

Summary

ATutor version 1.6.4 has multiple XSS vulnerabilities (cross-site scripting, where an attacker injects malicious code into web pages). Users with Instructor privileges can inject arbitrary scripts or HTML through several input fields in different parts of the application, including polls, groups, and assignments.

Vulnerability Details

CVSS Score

2.1

EPSS (30-day exploit probability)

EPSS: 1.2%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-79

CAPEC (Attack Pattern)

CAPEC-198 CAPEC-86

Original source: https://nvd.nist.gov/vuln/detail/CVE-2010-0971

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 95%