Description
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
References
Vulnerable configurations
Configuration 1: versions up to and including 1.8.5
cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*
EPSS
Percentile: 54%
0.00309
Low
4.3 Medium
CVSS2
Weaknesses
CWE-20
Related vulnerabilities
github
almost 4 years ago
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.