Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php.
References
Link | Resource |
---|---|
http://www.xchg.info/?p=406 | Exploit |
Configurations
Information
Published : 2014-12-26 15:59
Updated : 2014-12-29 14:53
NVD link : CVE-2013-4753
Mitre link : CVE-2013-4753
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
claroline
- claroline