CVE-2017-6483 is a medium-severity cross-site scripting issue in ATutor affecting versions through 2.2.2. The flaw stems from insufficient filtering of user-supplied lang_code data in admin language preference pages, which can let an attacker execute HTML or script in a victim’s browser within the site’s origin.
CVE-2016-2539 is a high-severity CSRF issue in ATutor before 2.2.2. The flaw affects install_modules.php and can be abused when an authenticated user is induced to send a crafted request, potentially leading to arbitrary file upload and execution of PHP code. NVD rates the issue CVSS 8.8 with UI:R, PR:N, and high impact across confidentiality, integrity, and availability.
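Both issues leave traces in web server access logs, so the following added example (not ATutor code and not taken from either advisory) flags them from a defender's side: a lang_code query value that is not a plain language code, and a POST to install_modules.php whose Referer is not the site itself. The log format, the host name, the language-code pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate language code looks like "en", "pt_BR" or "zh-Hans".
LANG_CODE_OK = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})*")
# Assumption: Apache/nginx "combined" access-log format.
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
SITE_HOST = "lms.example.org"  # constructed host name of the ATutor site

def findings(line, site_host=SITE_HOST):
    """Return the list of finding labels for one access-log line."""
    m = LINE.match(line.strip())
    if not m:
        return ["unparsed"]
    out = []
    url = urlsplit(m["target"])
    # CVE-2017-6483: lang_code should carry a language code and nothing else.
    # parse_qs percent-decodes the value, so encoded markup is caught as well.
    values = parse_qs(url.query, keep_blank_values=True).get("lang_code", [])
    if any(not LANG_CODE_OK.fullmatch(v) for v in values):
        out.append("suspicious-lang_code")
    # CVE-2016-2539: a POST to install_modules.php that did not come from the
    # site's own pages (a missing Referer is flagged too, for manual review).
    if m["method"] == "POST" and url.path.endswith("/install_modules.php"):
        if urlsplit(m["referer"]).hostname != site_host:
            out.append("cross-site-post-install_modules")
    return out

# Constructed sample lines; every path component except install_modules.php is made up.
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2017:10:00:01 +0000] "GET /atutor/sample_admin_page.php?lang_code=en HTTP/1.1" 200 512 "https://lms.example.org/atutor/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2017:10:00:09 +0000] "GET /atutor/sample_admin_page.php?lang_code=%22%3E%3Cb%3Ex HTTP/1.1" 200 530 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Mar/2017:10:02:44 +0000] "POST /atutor/sample_dir/install_modules.php HTTP/1.1" 302 0 "https://other.example.net/page.html" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Mar/2017:10:05:12 +0000] "POST /atutor/sample_dir/install_modules.php HTTP/1.1" 302 0 "https://lms.example.org/atutor/sample_dir/" "Mozilla/5.0"',
]

def scan(lines):
    """Return (line number, findings) for every line that raised a finding."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := findings(line))]

if __name__ == "__main__":
    for n, f in scan(SAMPLE):
        print(n, ", ".join(f))
```

A lang_code value sent in a POST body does not appear in an access log, so this check only covers the query string.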