CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
21.6%
The “Submission Web Form” of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form (“id” and “title” HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks.
Vendor | Product | Version | CPE |
---|---|---|---|
odysseycs | ithacalabs_turnitin_lti | 1.3 | cpe:2.3:a:odysseycs:ithacalabs_turnitin_lti:1.3:*:*:*:*:*:*:* |