Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php.
References 7 Total
- https://www.htbridge.com/advisory/HTB23179
- http://packetstormsecurity.com/files/124200
- secunia.com: 55753 third-party-advisory
- exchange.xforce.ibmcloud.com: claroline-cve20136267-xss(89264) vdb-entry
- securitytracker.com: 1029435 vdb-entry
- http://forum.claroline.net/viewtopic.php?f=88&t=26413
- archives.neohapsis.com: 20131127 Multiple Cross-Site Scripting (XSS) in Claroline mailing-list
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- https://www.htbridge.com/advisory/HTB23179 x_transferred
- http://packetstormsecurity.com/files/124200 x_transferred
- secunia.com: 55753 third-party-advisory x_transferred
- exchange.xforce.ibmcloud.com: claroline-cve20136267-xss(89264) vdb-entry x_transferred
- securitytracker.com: 1029435 vdb-entry x_transferred
- http://forum.claroline.net/viewtopic.php?f=88&t=26413 x_transferred
- archives.neohapsis.com: 20131127 Multiple Cross-Site Scripting (XSS) in Claroline mailing-list x_transferred