Description
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.
Remediation
References
Related Vulnerabilities
JBoss Application Server Privilege Escalation Vulnerability (CVE-2007-1354)
WordPress Plugin WooCommerce Upload Files Arbitrary File Upload (59.3)
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)
Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-7234)