Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php.
References
Link | Resource |
---|---|
http://www.xchg.info/?p=406 | Exploit |
http://www.xchg.info/?p=406 | Exploit |
Configurations
History
21 Nov 2024, 01:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.xchg.info/?p=406 - Exploit |
Information
Published : 2014-12-26 23:59
Updated : 2024-11-21 01:56
NVD link : CVE-2013-4753
Mitre link : CVE-2013-4753
CVE.ORG link : CVE-2013-4753
JSON object : View
Products Affected
claroline
- claroline
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')