WEB APPLICATION VULNERABILITIES Standard & Premium

Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37161)

Description

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.

Remediation

References

Related Vulnerabilities

Jboss EAP Files or Directories Accessible to External Parties Vulnerability (CVE-2021-3717)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

WordPress Plugin Keyword Meta Cross-Site Request Forgery (3.0)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3673)

TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23494)

Severity

Medium

Classification

CVE-2022-37161 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities