WEB APPLICATION VULNERABILITIES Standard & Premium

Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37161)

Description

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.

Remediation

References

Related Vulnerabilities

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.0)

Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)

Drupal Core 9.0.0 Cross-Site Request Forgery (9.0.0)

Joomla Improper Input Validation Vulnerability (CVE-2021-26029)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12625)

Severity

Medium

Classification

CVE-2022-37161 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities