Claroline » Claroline : Security Vulnerabilities Published In 2007 (Cross Site Scripting (XSS))
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2007-4742 |
20 |
|
XSS +Info |
2007-09-06 |
2012-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence. |
2 |
CVE-2007-4741 |
79 |
|
XSS |
2007-09-06 |
2008-09-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
3 |
CVE-2007-4717 |
79 |
|
XSS |
2007-09-05 |
2011-03-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php. |
4 |
CVE-2007-3517 |
|
|
XSS |
2007-07-03 |
2011-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts. |
Total number of vulnerabilities :
4
Page :
1
(This Page)