Dear Sir / Madam The Itsecteam has discovered 3 new bugs in ATutor 1.6.4 CMS and will be glad to report and public them . more information about these bugs are listed below : Topic : ATutor 1.6.4 Bugs Type : Cross Site Scripting (all of them) Credit : ItSecTeam Remote : Yes Status : Bug # mail : Bug@ItSecTeam.com # Dork : "ATutor 1.6.4" #Special Tnx : am!rkh@n, Amin Shokohi(Pejvak), C0M0D0 , 0xd41684c654 , r3dmove And All It Security Team Members #Website : WwW.ITSecTeam.com ########################## Exploit ############################# the bugs can be explited as below: #1: After logging in as an instructor go to manage section and add a poll and inject your XSS code as a questaion or choices. #2: After logging in as an instructor go to manage section and Create a new Group and inject your XSS code as title or group type. #3: After logging in as an instructor go to manage section and Add an Assignment with XSS code as title. -- With Best Regards