claroline

Top products

The 15 most recently published vulnerabilities affecting claroline.

• CVE-2022-37160Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms...5.4Aug 25, 2022
• CVE-2022-37159Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.9.8Aug 25, 2022
• CVE-2022-37161Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.6.1Aug 25, 2022
• CVE-2022-37162Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar ev...5.4Aug 25, 2022
• CVE-2013-4753Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox acti...3.5Dec 26, 2014
• CVE-2013-6267Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, c...4.3Dec 5, 2013
• CVE-2011-3716Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connect...5.0Sep 23, 2011
• CVE-2009-1907Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.4.3Jun 4, 2009
• CVE-2008-3315Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b)...4.3Jul 25, 2008
• CVE-2008-3262Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.5.8Jul 22, 2008
• CVE-2008-3261Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url...4.3Jul 22, 2008
• CVE-2008-3260Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to docume...4.3Jul 22, 2008
• CVE-2007-4742Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an er...4.3Sep 6, 2007
• CVE-2007-4741Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. ...3.5Sep 6, 2007
• CVE-2007-4718Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language param...5.1Sep 5, 2007