Описание
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
Ссылки
- PatchVendor Advisory
- Patch
- ExploitPatch
- PatchVendor Advisory
- Patch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.5 (включая)
cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01519
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
EPSS
Процентиль: 81%
0.01519
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79