A vulnerability was found in ATutor 2.2.4 . It has been classified as problematic . This impacts an unknown function of the component URL Handler . The manipulation leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2026-6956 . The attack can be initiated remotely. There is not any exploit available.