12 lines
No EOL
636 B
Text
12 lines
No EOL
636 B
Text
source: http://www.securityfocus.com/bid/30269/info
|
|
|
|
Claroline is prone to multiple input-validation vulnerabilities:
|
|
|
|
1. Multiple cross-site scripting vulnerabilities.
|
|
2. A remote URI-redirection vulnerability.
|
|
|
|
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and redirect users to an attacker-controlled site; this may aid in phishing-style attacks.
|
|
|
|
Versions prior to Claroline 1.8.10 are vulnerable.
|
|
|
|
http://www.example.com/claroline/course_description/index.php?"><script>alert('DSecRGXSS')</script> |