CVE-2007-4717

Claroline < 1.8.5 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Fernando Munoz · text · webapps · php
https://www.exploit-db.com/exploits/30557

exploitdb WRITEUP VERIFIED
by Fernando Munoz · text · webapps · php
https://www.exploit-db.com/exploits/30558

exploitdb WRITEUP VERIFIED
by Fernando Munoz · text · webapps · php
https://www.exploit-db.com/exploits/30559

Scores

EPSS 0.0152
EPSS Percentile 81.0%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

claroline/claroline < 1.8.5

Timeline

Published Sep 05, 2007
Tracked Since Feb 18, 2026