Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.

Remediation

References

CVE-2007-3517

Related Vulnerabilities

WordPress Plugin Arlo training and event management system Cross-Site Scripting (2.1.7.1)

WordPress Plugin moreAds SE Open Redirect (1.4.8)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4281)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.8)

Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5664)

Severity

Medium

Classification

CVE-2007-3517

Tags

Missing Update Known Vulnerabilities