A vulnerability was found in ATutor 2.2.4 and classified as problematic . This affects an unknown function of the file /install/upgrade.php of the component URL Handler . Executing a manipulation can lead to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2026-6909 . It is possible to launch the attack remotely. No exploit is available.