Search criteria
93 vulnerabilities found for claroline by claroline
FKIE_CVE-2022-37161
Vulnerability from fkie_nvd - Published: 2022-08-25 17:15 - Updated: 2024-11-21 07:14
Severity ?
Summary
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C246302-F918-40E2-A8F3-BF9C886C2657",
"versionEndIncluding": "13.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload."
},
{
"lang": "es",
"value": "Claroline versiones 13.5.7 y anteriores son vulnerables a un ataque de tipo Cross Site Scripting (XSS) por medio de una carga de archivos SVG."
}
],
"id": "CVE-2022-37161",
"lastModified": "2024-11-21T07:14:32.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T17:15:08.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-37160
Vulnerability from fkie_nvd - Published: 2022-08-25 17:15 - Updated: 2024-11-21 07:14
Severity ?
Summary
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C246302-F918-40E2-A8F3-BF9C886C2657",
"versionEndIncluding": "13.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user."
},
{
"lang": "es",
"value": "Claroline versiones 13.5.7 y anteriores permite a un atacante autenticado elevar los privilegios por medio de la creaci\u00f3n arbitraria de un usuario privilegiado. Combinando una vulnerabilidad de tipo XSS presente en varios formularios de carga y una petici\u00f3n javascript a la API actual, es posible desencadenar la creaci\u00f3n de un usuario con derechos administrativos abriendo un archivo SVG como usuario administrador."
}
],
"id": "CVE-2022-37160",
"lastModified": "2024-11-21T07:14:32.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T17:15:08.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-37162
Vulnerability from fkie_nvd - Published: 2022-08-25 17:15 - Updated: 2024-11-21 07:14
Severity ?
Summary
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C246302-F918-40E2-A8F3-BF9C886C2657",
"versionEndIncluding": "13.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the \u0027Location\u0027 field of a calendar event."
},
{
"lang": "es",
"value": "Claroline versiones 13.5.7 y anteriores son vulnerables a un ataque de tipo Cross Site Scripting (XSS). Un atacante puede obtener la ejecuci\u00f3n de c\u00f3digo javascript a\u00f1adiendo c\u00f3digo javascript arbitrario en el campo \"Location\"\"de un evento del calendario."
}
],
"id": "CVE-2022-37162",
"lastModified": "2024-11-21T07:14:32.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T17:15:08.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-37159
Vulnerability from fkie_nvd - Published: 2022-08-25 17:15 - Updated: 2024-11-21 07:14
Severity ?
Summary
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C246302-F918-40E2-A8F3-BF9C886C2657",
"versionEndIncluding": "13.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload."
},
{
"lang": "es",
"value": "Claroline versiones 13.5.7 y anteriores, son vulnerables a una ejecuci\u00f3n de c\u00f3digo Remota por medio de la subida de archivos arbitrarios."
}
],
"id": "CVE-2022-37159",
"lastModified": "2024-11-21T07:14:32.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T17:15:08.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4753
Vulnerability from fkie_nvd - Published: 2014-12-26 23:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B6D09DD-9A29-4039-83C7-5DBEFA216E16",
"versionEndIncluding": "1.11.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the \"First name\" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en in Claroline 1.11.9 y anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el campo B\u00fasqueda en la bandeja de entrada en messaging/messagebox.php, (2) el campo \u0027Nombre\u0027 en auth/profile.php, o (3) el campo Speakers en la acci\u00f3n rqAdd en calendar/agenda.php."
}
],
"id": "CVE-2013-4753",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-26T23:59:00.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.xchg.info/?p=406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.xchg.info/?p=406"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6267
Vulnerability from fkie_nvd - Published: 2013-12-05 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D192AA95-1D20-4E0C-B040-1AC790A14535",
"versionEndIncluding": "1.11.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5F784A74-4410-40CC-8060-6FF59896E8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "063B5914-A6E5-4326-B6D6-8A7867C62F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C90D9634-3D54-410E-AD7E-16B677D6D3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B09DF96-D513-497B-ABCC-BCF885FC8732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19E6055B-0F86-4037-A0D1-C0FA30FDA1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9C6D62-F6EA-43FB-85D9-3D8E1B22EDFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "505B4BFE-BF60-432C-B3F0-94DA05653DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73F2CD4D-933C-4C42-BA62-A16049D0E241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "041FE58B-651A-4C31-9BCE-A4D0108F857A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en Claroline anteriores a 1.11.9 permiten a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro box a messaging/messagebox.php, el par\u00e1metro cidToEdit a (2) adminregisteruser.php o (3) admin_user_course_settings.php en admin/, (4) el par\u00e1metro module_id a admin7module/module.php, o (6) el par\u00e1metro offset a admin/right/profile_list.php."
}
],
"id": "CVE-2013-6267",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T18:55:12.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
},
{
"source": "cve@mitre.org",
"url": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/124200"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55753"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1029435"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/124200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23179"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3716
Vulnerability from fkie_nvd - Published: 2011-09-23 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "62FF933A-FE81-45F8-A557-24CC66D595CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files."
},
{
"lang": "es",
"value": "Claroline v1.9.7 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con work/connector/linker.cnr.php y algunos otros archivos."
}
],
"id": "CVE-2011-3716",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-23T23:55:02.630",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1907
Vulnerability from fkie_nvd - Published: 2009-06-04 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEDBF98-5293-4FAF-BC4D-18A9B1D50EE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en claroline/linker/notfound.php en Claroline v1.8.11 permite a los atacante remoto inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s de la cabecera HTTP Referer."
}
],
"id": "CVE-2009-1907",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-04T16:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35019"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/34883"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022198"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/34883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3315
Vulnerability from fkie_nvd - Published: 2008-07-25 16:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3A93AA-BDC0-42A1-BCCA-4C768706D813",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Claroline 1.8.10 permite a atacantes remotos inyectar secuencias de comandos Web o HTML mediante (1) la cadena query en (a) announcements/messages.php; (b) lostPassword.php y (c) profile.php de auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php y (h) module.php de learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php y (n) user_access_details.php de tracking/; (o) user/user.php y (p) user/userInfo.php; el par\u00e1metro (2) view en (q) tracking/courseLog.php y el par\u00e1metro (3) toolId en (r) tracking/toolaccess_details.php. NOTE: Puede que esta vulnerabilidad se solape con CVE-2006-3257 y CVE-2005-1374."
}
],
"id": "CVE-2008-3315",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-25T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31201"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4041"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=615030"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/494655/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/30346"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2167/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=615030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494655/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/30346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2167/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43962"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3260
Vulnerability from fkie_nvd - Published: 2008-07-22 17:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| claroline | claroline | * | |
| claroline | claroline | 1.2 | |
| claroline | claroline | 1.3 | |
| claroline | claroline | 1.4 | |
| claroline | claroline | 1.5 | |
| claroline | claroline | 1.5.3 | |
| claroline | claroline | 1.5.4 | |
| claroline | claroline | 1.6 | |
| claroline | claroline | 1.6_beta | |
| claroline | claroline | 1.6_rc1 | |
| claroline | claroline | 1.7 | |
| claroline | claroline | 1.7.1 | |
| claroline | claroline | 1.7.2 | |
| claroline | claroline | 1.7.3 | |
| claroline | claroline | 1.7.4 | |
| claroline | claroline | 1.7.5 | |
| claroline | claroline | 1.7.6 | |
| claroline | claroline | 1.7.7 | |
| claroline | claroline | 1.8.0 | |
| claroline | claroline | 1.8.1 | |
| claroline | claroline | 1.8.2 | |
| claroline | claroline | 1.8.3 | |
| claroline | claroline | 1.8.4 | |
| claroline | claroline | 1.8.5 | |
| claroline | claroline | 1.8.6 | |
| claroline | claroline | 1.8.7 | |
| claroline | claroline | 1.8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB3D6E0-D58C-4E98-8FE9-073062D156D6",
"versionEndIncluding": "1.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91188982-B73C-45A1-8FA1-66557D50A6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25E91C51-AA00-452E-B009-CD8EC50F9E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C266BDCB-4533-4697-A13A-22B8DC4A33EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE56684-B98B-4642-93F3-8C6297246E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88E5AD48-31AA-4A9E-969A-6E45E4B6F827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0BD0DDD-51EC-40E6-8E6D-635E449478AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA479E-E55B-45B2-9DD2-4E2D088AF51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FF8764-0B6C-439B-9333-473F54B9921A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "A58F1F26-B87D-4445-AB31-0648A7B32E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45E88D7C-9610-4052-BBB0-F5FDC596DBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF4F90D-CBF7-4539-9AA3-2A667C888670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24F49508-B7BC-4971-B3A7-279DCE45E369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34591E8D-FF34-4E78-BA9B-C8C22C38E1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC9DF44-4883-422F-9FB8-57CDE7EA6C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD502BE-8878-461D-AA04-AA450F652DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90D5CC64-234C-4519-B902-381A023B83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99DB46-C0C6-4A46-A0B2-CC71C10C62A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89AEBCB1-E580-4938-B0F5-9E80CD9F6C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF851B-0A5C-4336-91D4-0A64DB1A260C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BD4930-4314-476F-8350-F75556CED0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7700C1DE-354E-4ED4-B048-5CB5618CA73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE7AB94-491A-44D5-9F68-D43D4810A63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A563F517-117B-49F5-AC3F-C2FEA583EBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D34E7778-31F0-4FC4-98E0-E0C5A3D25538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC99C89-A159-465D-959A-FE3A17C52515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CCABE8BF-C842-41C8-A83F-909948CE8D11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Claroline anterior a v1.8.10, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) \"cwd\" en una acci\u00f3n rqMkHtml a document/rqmkhtml.php, o mendiante una consulta a (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, o (13) work/work.php en claroline/."
}
],
"id": "CVE-2008-3260",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-22T17:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://claroline.svn.sourceforge.net/viewrc/claroline/branches/1.8/claroline/?sortby=date#dirlist"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31116"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4020"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=613634"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/494539/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30269"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://claroline.svn.sourceforge.net/viewrc/claroline/branches/1.8/claroline/?sortby=date#dirlist"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=613634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494539/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3261
Vulnerability from fkie_nvd - Published: 2008-07-22 17:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| claroline | claroline | * | |
| claroline | claroline | 1.2 | |
| claroline | claroline | 1.3 | |
| claroline | claroline | 1.4 | |
| claroline | claroline | 1.5 | |
| claroline | claroline | 1.5.3 | |
| claroline | claroline | 1.5.4 | |
| claroline | claroline | 1.6 | |
| claroline | claroline | 1.6_beta | |
| claroline | claroline | 1.6_rc1 | |
| claroline | claroline | 1.7 | |
| claroline | claroline | 1.7.1 | |
| claroline | claroline | 1.7.2 | |
| claroline | claroline | 1.7.3 | |
| claroline | claroline | 1.7.4 | |
| claroline | claroline | 1.7.5 | |
| claroline | claroline | 1.7.6 | |
| claroline | claroline | 1.7.7 | |
| claroline | claroline | 1.8.0 | |
| claroline | claroline | 1.8.1 | |
| claroline | claroline | 1.8.2 | |
| claroline | claroline | 1.8.3 | |
| claroline | claroline | 1.8.4 | |
| claroline | claroline | 1.8.5 | |
| claroline | claroline | 1.8.6 | |
| claroline | claroline | 1.8.7 | |
| claroline | claroline | 1.8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB3D6E0-D58C-4E98-8FE9-073062D156D6",
"versionEndIncluding": "1.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91188982-B73C-45A1-8FA1-66557D50A6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25E91C51-AA00-452E-B009-CD8EC50F9E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C266BDCB-4533-4697-A13A-22B8DC4A33EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE56684-B98B-4642-93F3-8C6297246E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88E5AD48-31AA-4A9E-969A-6E45E4B6F827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0BD0DDD-51EC-40E6-8E6D-635E449478AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA479E-E55B-45B2-9DD2-4E2D088AF51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FF8764-0B6C-439B-9333-473F54B9921A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "A58F1F26-B87D-4445-AB31-0648A7B32E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45E88D7C-9610-4052-BBB0-F5FDC596DBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF4F90D-CBF7-4539-9AA3-2A667C888670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24F49508-B7BC-4971-B3A7-279DCE45E369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34591E8D-FF34-4E78-BA9B-C8C22C38E1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC9DF44-4883-422F-9FB8-57CDE7EA6C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD502BE-8878-461D-AA04-AA450F652DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90D5CC64-234C-4519-B902-381A023B83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99DB46-C0C6-4A46-A0B2-CC71C10C62A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89AEBCB1-E580-4938-B0F5-9E80CD9F6C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF851B-0A5C-4336-91D4-0A64DB1A260C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BD4930-4314-476F-8350-F75556CED0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7700C1DE-354E-4ED4-B048-5CB5618CA73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE7AB94-491A-44D5-9F68-D43D4810A63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A563F517-117B-49F5-AC3F-C2FEA583EBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D34E7778-31F0-4FC4-98E0-E0C5A3D25538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC99C89-A159-465D-959A-FE3A17C52515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CCABE8BF-C842-41C8-A83F-909948CE8D11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad involuntaria de redirecci\u00f3n en claroline/redirector.php en Claroline anterior a 1.8.10, permite a atacantes remotos redireccionar a usuarios a sitios web de su elecci\u00f3n y llevar a cabo ataques de phishing mediante una URL en el par\u00e1metro \"url\"."
}
],
"id": "CVE-2008-3261",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-22T17:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4020"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=613634"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/494539/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30269"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=613634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494539/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3262
Vulnerability from fkie_nvd - Published: 2008-07-22 17:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| claroline | claroline | * | |
| claroline | claroline | 1.2 | |
| claroline | claroline | 1.3 | |
| claroline | claroline | 1.4 | |
| claroline | claroline | 1.5 | |
| claroline | claroline | 1.5.3 | |
| claroline | claroline | 1.5.4 | |
| claroline | claroline | 1.6 | |
| claroline | claroline | 1.6_beta | |
| claroline | claroline | 1.6_rc1 | |
| claroline | claroline | 1.7 | |
| claroline | claroline | 1.7.1 | |
| claroline | claroline | 1.7.2 | |
| claroline | claroline | 1.7.3 | |
| claroline | claroline | 1.7.4 | |
| claroline | claroline | 1.7.5 | |
| claroline | claroline | 1.7.6 | |
| claroline | claroline | 1.7.7 | |
| claroline | claroline | 1.8.0 | |
| claroline | claroline | 1.8.1 | |
| claroline | claroline | 1.8.2 | |
| claroline | claroline | 1.8.3 | |
| claroline | claroline | 1.8.4 | |
| claroline | claroline | 1.8.5 | |
| claroline | claroline | 1.8.6 | |
| claroline | claroline | 1.8.7 | |
| claroline | claroline | 1.8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB3D6E0-D58C-4E98-8FE9-073062D156D6",
"versionEndIncluding": "1.8.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91188982-B73C-45A1-8FA1-66557D50A6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25E91C51-AA00-452E-B009-CD8EC50F9E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C266BDCB-4533-4697-A13A-22B8DC4A33EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE56684-B98B-4642-93F3-8C6297246E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88E5AD48-31AA-4A9E-969A-6E45E4B6F827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0BD0DDD-51EC-40E6-8E6D-635E449478AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA479E-E55B-45B2-9DD2-4E2D088AF51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FF8764-0B6C-439B-9333-473F54B9921A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "A58F1F26-B87D-4445-AB31-0648A7B32E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45E88D7C-9610-4052-BBB0-F5FDC596DBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF4F90D-CBF7-4539-9AA3-2A667C888670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24F49508-B7BC-4971-B3A7-279DCE45E369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34591E8D-FF34-4E78-BA9B-C8C22C38E1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC9DF44-4883-422F-9FB8-57CDE7EA6C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD502BE-8878-461D-AA04-AA450F652DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90D5CC64-234C-4519-B902-381A023B83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99DB46-C0C6-4A46-A0B2-CC71C10C62A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89AEBCB1-E580-4938-B0F5-9E80CD9F6C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEF851B-0A5C-4336-91D4-0A64DB1A260C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BD4930-4314-476F-8350-F75556CED0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7700C1DE-354E-4ED4-B048-5CB5618CA73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE7AB94-491A-44D5-9F68-D43D4810A63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A563F517-117B-49F5-AC3F-C2FEA583EBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D34E7778-31F0-4FC4-98E0-E0C5A3D25538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC99C89-A159-465D-959A-FE3A17C52515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claroline:claroline:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CCABE8BF-C842-41C8-A83F-909948CE8D11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSFR) en Claroline 1.8.10, permite a atacantes remotos modificar contrase\u00f1as, relacionado con la ausencia del requerimiento de la contrase\u00f1a anterior."
}
],
"id": "CVE-2008-3262",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-22T17:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31116"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4020"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=613634"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/494539/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=613634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494539/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43974"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-37160 (GCVE-0-2022-37160)
Vulnerability from cvelistv5 – Published: 2022-08-25 16:29 – Updated: 2024-08-03 10:21
VLAI?
Summary
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T16:29:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md",
"refsource": "MISC",
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37160",
"datePublished": "2022-08-25T16:29:01",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37159 (GCVE-0-2022-37159)
Vulnerability from cvelistv5 – Published: 2022-08-25 16:26 – Updated: 2024-08-03 10:21
VLAI?
Summary
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T16:26:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md",
"refsource": "MISC",
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37159",
"datePublished": "2022-08-25T16:26:37",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37161 (GCVE-0-2022-37161)
Vulnerability from cvelistv5 – Published: 2022-08-25 16:21 – Updated: 2024-08-03 10:21
VLAI?
Summary
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T16:21:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md",
"refsource": "MISC",
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37161",
"datePublished": "2022-08-25T16:21:28",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37162 (GCVE-0-2022-37162)
Vulnerability from cvelistv5 – Published: 2022-08-25 16:19 – Updated: 2024-08-03 10:21
VLAI?
Summary
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the \u0027Location\u0027 field of a calendar event."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T16:19:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the \u0027Location\u0027 field of a calendar event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md",
"refsource": "MISC",
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37162",
"datePublished": "2022-08-25T16:19:42",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4753 (GCVE-0-2013-4753)
Vulnerability from cvelistv5 – Published: 2014-12-26 23:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xchg.info/?p=406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the \"First name\" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-26T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xchg.info/?p=406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the \"First name\" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xchg.info/?p=406",
"refsource": "MISC",
"url": "http://www.xchg.info/?p=406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4753",
"datePublished": "2014-12-26T23:00:00",
"dateReserved": "2013-07-02T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6267 (GCVE-0-2013-6267)
Vulnerability from cvelistv5 – Published: 2013-12-05 18:00 – Updated: 2024-08-06 17:38
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:38:59.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23179"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124200"
},
{
"name": "55753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55753"
},
{
"name": "claroline-cve20136267-xss(89264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
},
{
"name": "1029435",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413"
},
{
"name": "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23179"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124200"
},
{
"name": "55753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55753"
},
{
"name": "claroline-cve20136267-xss(89264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
},
{
"name": "1029435",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413"
},
{
"name": "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23179",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23179"
},
{
"name": "http://packetstormsecurity.com/files/124200",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124200"
},
{
"name": "55753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55753"
},
{
"name": "claroline-cve20136267-xss(89264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
},
{
"name": "1029435",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029435"
},
{
"name": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413",
"refsource": "CONFIRM",
"url": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413"
},
{
"name": "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6267",
"datePublished": "2013-12-05T18:00:00",
"dateReserved": "2013-10-24T00:00:00",
"dateUpdated": "2024-08-06T17:38:59.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3716 (GCVE-0-2011-3716)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-16 19:56
VLAI?
Summary
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3716",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:58.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1907 (GCVE-0-2009-1907)
Vulnerability from cvelistv5 – Published: 2009-06-04 16:00 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35019"
},
{
"name": "claroline-notfound-xss(50404)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404"
},
{
"name": "20090508 Claroline v.1.8.11 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded"
},
{
"name": "1022198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022198"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099"
},
{
"name": "34883",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35019"
},
{
"name": "claroline-notfound-xss(50404)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404"
},
{
"name": "20090508 Claroline v.1.8.11 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded"
},
{
"name": "1022198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022198"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099"
},
{
"name": "34883",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35019"
},
{
"name": "claroline-notfound-xss(50404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404"
},
{
"name": "20090508 Claroline v.1.8.11 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded"
},
{
"name": "1022198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022198"
},
{
"name": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html"
},
{
"name": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099",
"refsource": "CONFIRM",
"url": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099"
},
{
"name": "34883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1907",
"datePublished": "2009-06-04T16:00:00",
"dateReserved": "2009-06-04T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3315 (GCVE-0-2008-3315)
Vulnerability from cvelistv5 – Published: 2008-07-25 16:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:25.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080722 [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494655/100/0/threaded"
},
{
"name": "30346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30346"
},
{
"name": "4041",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4041"
},
{
"name": "31201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=615030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11"
},
{
"name": "ADV-2008-2167",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2167/references"
},
{
"name": "claroline-courselog-toolaccess-xss(43962)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080722 [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494655/100/0/threaded"
},
{
"name": "30346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30346"
},
{
"name": "4041",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4041"
},
{
"name": "31201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=615030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11"
},
{
"name": "ADV-2008-2167",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2167/references"
},
{
"name": "claroline-courselog-toolaccess-xss(43962)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080722 [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494655/100/0/threaded"
},
{
"name": "30346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30346"
},
{
"name": "4041",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4041"
},
{
"name": "31201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31201"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=615030",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=615030"
},
{
"name": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11",
"refsource": "CONFIRM",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11"
},
{
"name": "ADV-2008-2167",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2167/references"
},
{
"name": "claroline-courselog-toolaccess-xss(43962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3315",
"datePublished": "2008-07-25T16:00:00",
"dateReserved": "2008-07-25T00:00:00",
"dateUpdated": "2024-08-07T09:37:25.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37160 (GCVE-0-2022-37160)
Vulnerability from nvd – Published: 2022-08-25 16:29 – Updated: 2024-08-03 10:21
VLAI?
Summary
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T16:29:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md",
"refsource": "MISC",
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37160",
"datePublished": "2022-08-25T16:29:01",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37159 (GCVE-0-2022-37159)
Vulnerability from nvd – Published: 2022-08-25 16:26 – Updated: 2024-08-03 10:21
VLAI?
Summary
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T16:26:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md",
"refsource": "MISC",
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37159",
"datePublished": "2022-08-25T16:26:37",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37161 (GCVE-0-2022-37161)
Vulnerability from nvd – Published: 2022-08-25 16:21 – Updated: 2024-08-03 10:21
VLAI?
Summary
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T16:21:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md",
"refsource": "MISC",
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37161",
"datePublished": "2022-08-25T16:21:28",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37162 (GCVE-0-2022-37162)
Vulnerability from nvd – Published: 2022-08-25 16:19 – Updated: 2024-08-03 10:21
VLAI?
Summary
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the \u0027Location\u0027 field of a calendar event."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T16:19:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the \u0027Location\u0027 field of a calendar event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md",
"refsource": "MISC",
"url": "https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37162",
"datePublished": "2022-08-25T16:19:42",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4753 (GCVE-0-2013-4753)
Vulnerability from nvd – Published: 2014-12-26 23:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xchg.info/?p=406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the \"First name\" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-26T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xchg.info/?p=406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the \"First name\" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xchg.info/?p=406",
"refsource": "MISC",
"url": "http://www.xchg.info/?p=406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4753",
"datePublished": "2014-12-26T23:00:00",
"dateReserved": "2013-07-02T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6267 (GCVE-0-2013-6267)
Vulnerability from nvd – Published: 2013-12-05 18:00 – Updated: 2024-08-06 17:38
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:38:59.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23179"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124200"
},
{
"name": "55753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55753"
},
{
"name": "claroline-cve20136267-xss(89264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
},
{
"name": "1029435",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413"
},
{
"name": "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23179"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124200"
},
{
"name": "55753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55753"
},
{
"name": "claroline-cve20136267-xss(89264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
},
{
"name": "1029435",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413"
},
{
"name": "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23179",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23179"
},
{
"name": "http://packetstormsecurity.com/files/124200",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124200"
},
{
"name": "55753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55753"
},
{
"name": "claroline-cve20136267-xss(89264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
},
{
"name": "1029435",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029435"
},
{
"name": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413",
"refsource": "CONFIRM",
"url": "http://forum.claroline.net/viewtopic.php?f=88\u0026t=26413"
},
{
"name": "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6267",
"datePublished": "2013-12-05T18:00:00",
"dateReserved": "2013-10-24T00:00:00",
"dateUpdated": "2024-08-06T17:38:59.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3716 (GCVE-0-2011-3716)
Vulnerability from nvd – Published: 2011-09-23 23:00 – Updated: 2024-09-16 19:56
VLAI?
Summary
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/claroline-1.9.7"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3716",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:58.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1907 (GCVE-0-2009-1907)
Vulnerability from nvd – Published: 2009-06-04 16:00 – Updated: 2024-08-07 05:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35019"
},
{
"name": "claroline-notfound-xss(50404)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404"
},
{
"name": "20090508 Claroline v.1.8.11 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded"
},
{
"name": "1022198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022198"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099"
},
{
"name": "34883",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35019"
},
{
"name": "claroline-notfound-xss(50404)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404"
},
{
"name": "20090508 Claroline v.1.8.11 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded"
},
{
"name": "1022198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022198"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099"
},
{
"name": "34883",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35019"
},
{
"name": "claroline-notfound-xss(50404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404"
},
{
"name": "20090508 Claroline v.1.8.11 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded"
},
{
"name": "1022198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022198"
},
{
"name": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html"
},
{
"name": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099",
"refsource": "CONFIRM",
"url": "http://forum.claroline.net/viewtopic.php?f=69\u0026t=16193\u0026p=42102#p42099"
},
{
"name": "34883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1907",
"datePublished": "2009-06-04T16:00:00",
"dateReserved": "2009-06-04T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3315 (GCVE-0-2008-3315)
Vulnerability from nvd – Published: 2008-07-25 16:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:25.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080722 [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494655/100/0/threaded"
},
{
"name": "30346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30346"
},
{
"name": "4041",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4041"
},
{
"name": "31201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=615030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11"
},
{
"name": "ADV-2008-2167",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2167/references"
},
{
"name": "claroline-courselog-toolaccess-xss(43962)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080722 [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494655/100/0/threaded"
},
{
"name": "30346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30346"
},
{
"name": "4041",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4041"
},
{
"name": "31201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=615030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11"
},
{
"name": "ADV-2008-2167",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2167/references"
},
{
"name": "claroline-courselog-toolaccess-xss(43962)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080722 [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494655/100/0/threaded"
},
{
"name": "30346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30346"
},
{
"name": "4041",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4041"
},
{
"name": "31201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31201"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=615030",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=615030"
},
{
"name": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11",
"refsource": "CONFIRM",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11"
},
{
"name": "ADV-2008-2167",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2167/references"
},
{
"name": "claroline-courselog-toolaccess-xss(43962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3315",
"datePublished": "2008-07-25T16:00:00",
"dateReserved": "2008-07-25T00:00:00",
"dateUpdated": "2024-08-07T09:37:25.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}