Description
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
Remediation
References
Related Vulnerabilities
WordPress Plugin Abstract Submission Local File Inclusion (0.6)
WordPress Plugin Woocommerce Products Price Bulk Edit Cross-Site Scripting (2.2.0)
WordPress Plugin WP Scrippets Cross-Site Scripting (1.5.1)
Oracle Database Server CVE-2015-0455 Vulnerability (CVE-2015-0455)
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)