Description

Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.

Remediation

References

CVE-2006-1595

Related Vulnerabilities

WordPress Plugin Abstract Submission Local File Inclusion (0.6)

WordPress Plugin Woocommerce Products Price Bulk Edit Cross-Site Scripting (2.2.0)

WordPress Plugin WP Scrippets Cross-Site Scripting (1.5.1)

Oracle Database Server CVE-2015-0455 Vulnerability (CVE-2015-0455)

WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)

Severity

Medium

Classification

CVE-2006-1595

Tags

Missing Update Known Vulnerabilities