12 lines
No EOL
592 B
Text
12 lines
No EOL
592 B
Text
source: https://www.securityfocus.com/bid/30269/info
|
|
|
|
Claroline is prone to multiple input-validation vulnerabilities:
|
|
|
|
1. Multiple cross-site scripting vulnerabilities.
|
|
2. A remote URI-redirection vulnerability.
|
|
|
|
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and redirect users to an attacker-controlled site; this may aid in phishing-style attacks.
|
|
|
|
Versions prior to Claroline 1.8.10 are vulnerable.
|
|
|
|
http://www.example.com/[installdir]/claroline/redirector.php?url=http://www.example2.com |