
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities

Author: ITSecTeam
type: webapps
platform: php
port: 
date_added: 2010-03-10 
date_updated:  
verified: 1 
codes: OSVDB-62906;CVE-2010-0971;OSVDB-62905;OSVDB-62904 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comATutor-1.6.4.tar.gz

Topic : ATutor 1.6.4
Bugs Type : Cross Site Scripting (all of them)
Credit : ItSecTeam
Remote : Yes
Status : Bug

# mail : Bug@ItSecTeam.com
# Dork : "ATutor 1.6.4"
#Special Tnx : am!rkh@n, Amin Shokohi(Pejvak), C0M0D0, 0xd41684c654, r3dmove And All It Security Team Members
#Website : WwW.ITSecTeam.com

########################## Exploit #############################
The bugs can be exploited as below:

#1: After logging in as an instructor, go to the manage section, add a poll, and inject your XSS code as a question or as choices.
#2: After logging in as an instructor, go to the manage section, create a new Group, and inject your XSS code as the title or group type.
#3: After logging in as an instructor, go to the manage section and add an Assignment with XSS code as the title.
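
All three cases are stored XSS: instructor-supplied text is saved and later written into a page without encoding. The following is an added example, not ATutor's code and not part of the original advisory; it shows the unencoded output pattern beside the corrected one for a poll. The function names, array keys and sample record are hypothetical, and the same output encoding applies to group titles, group types and assignment titles.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a stored value for an HTML text or
// quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 'Before': stored instructor input is concatenated straight into the page.
function render_poll_unsafe(array $poll): string
{
    $html = '<h3>' . $poll['question'] . '</h3><ul>';
    foreach ($poll['choices'] as $choice) {
        $html .= '<li>' . $choice . '</li>';
    }
    return $html . '</ul>';
}

// 'After': every stored field is encoded at the point of output.
function render_poll_safe(array $poll): string
{
    $html = '<h3>' . e($poll['question']) . '</h3><ul>';
    foreach ($poll['choices'] as $choice) {
        $html .= '<li>' . e($choice) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed sample record standing in for a stored poll row.
$poll = [
    'question' => 'Favourite topic? <script>alert(1)</script>',
    'choices'  => ['Algebra', '"><img src=x onerror=alert(1)>'],
];

$unsafe = render_poll_unsafe($poll);
$safe   = render_poll_safe($poll);

// The unsafe output still carries live markup; the safe output has none.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') === false && strpos($safe, '<img') === false);
echo $safe, PHP_EOL;
```

Encoding at output rather than on input keeps the stored value intact and covers rows that were saved before the fix.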