Description

Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

Remediation

References

CVE-2009-1907

Related Vulnerabilities

WordPress Plugin wp audio gallery playlist 'playlist.php' SQL Injection (0.12)

WordPress Plugin Author Page Views Cross-Site Scripting (1.0)

Craft CMS CVE-2017-8383 Vulnerability (CVE-2017-8383)

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7890)

Severity

Medium

Classification

CVE-2009-1907 CWE-707

Tags

Missing Update Known Vulnerabilities