CVE-2007-4717
Claroline < 1.8.5 - Authenticated Cross-Site Scripting via Admin Parameters
Title source: llm
Exploitation Summary
EIP tracks 3 public exploits for CVE-2007-4717. PoCs published by Fernando Munoz.
AI-analyzed exploit summary
The provided text describes a local file inclusion vulnerability and multiple XSS vulnerabilities in Claroline versions prior to 1.8.6. It includes a sample URL demonstrating an XSS attack vector but lacks executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
Exploits (3)
The provided text describes a local file inclusion vulnerability and multiple XSS vulnerabilities in Claroline versions prior to 1.8.6. It includes a sample URL demonstrating an XSS attack vector but lacks executable exploit code.
The provided text describes a local file inclusion vulnerability and multiple XSS vulnerabilities in Claroline versions prior to 1.8.6. It includes a sample URL for XSS exploitation but lacks actual exploit code.
The provided text describes a local file-include vulnerability and multiple XSS vulnerabilities in Claroline versions prior to 1.8.6. It includes example URLs demonstrating the XSS vectors but does not contain executable exploit code.