Description
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Improper Authentication Vulnerability (CVE-2021-38161)
WordPress Plugin Events Manager Multiple Cross-Site Scripting Vulnerabilities (5.3.3)
Apache HTTP Server Other Vulnerability (CVE-2003-0132)
ownCloud Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-2052)