Description
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
Exploits (12)
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32070
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32069
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32068
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32067
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32065
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32064
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32063
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32062
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32061
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32060
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32059
exploitdb
WRITEUP
VERIFIED
by Digital Security Research Group · textwebappsphp
https://www.exploit-db.com/exploits/32066
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494539/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4020
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30269
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43854
Product x_refsource_confirm
http://claroline.svn.sourceforge.net/viewrc/claroline/branches/1.8/claroline/?sortby=date#dirlist
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=613634
Third Party Advisory x_refsource_confirm
http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31116
Scores
EPSS
0.0165
EPSS Percentile
82.1%
Details
CWE
CWE-79
Status
published
Products (27)
claroline/claroline
1.2
claroline/claroline
1.3
claroline/claroline
1.4
claroline/claroline
1.5
claroline/claroline
1.5.3
claroline/claroline
1.5.4
claroline/claroline
1.6
claroline/claroline
1.6_beta
claroline/claroline
1.6_rc1
claroline/claroline
1.7
... and 17 more
Published
Jul 22, 2008
Tracked Since
Feb 18, 2026