CVE-2005-1374

Claroline 1.5.3-1.6 RC - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.

Exploits (3)

exploitdb WRITEUP VERIFIED

by Sieg Fried · textwebappsphp

https://www.exploit-db.com/exploits/25550

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Sieg Fried · textwebappsphp

https://www.exploit-db.com/exploits/25549

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Sieg Fried · textwebappsphp

https://www.exploit-db.com/exploits/25551

View Code ZIP pw:eip

References (7)

Core 7

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/13407

Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/15161

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/20295

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111464607103407&w=2

Exploit, Patch, Vendor Advisory x_refsource_confirm

http://www.claroline.net/news.php#85

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1013822

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/15725

Scores

EPSS 0.0257

EPSS Percentile 85.6%

Details

Status published

Products (3)

claroline/claroline 1.5.3

claroline/claroline 1.6_beta

claroline/claroline 1.6_rc1

Published May 03, 2005

Tracked Since Feb 18, 2026