Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.

Remediation

References

CVE-2005-1374

Related Vulnerabilities

Magento Improper Authorization Vulnerability (CVE-2020-24402)

WordPress Plugin MailPress Remote Code Execution (7.0.2)

WordPress Plugin DFD Reddcoin Tips Cross-Site Scripting (1.1.1)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15083)

Contao Improper Input Validation Vulnerability (CVE-2020-25768)

Severity

Medium

Classification

CVE-2005-1374

Tags

Missing Update Known Vulnerabilities