vendor: Claroline
by: SecurityFocus
CVSS: 7.5 HIGH
Cross-Site Scripting, URI-Redirection
CWE: 79, 601
Product Name: Claroline
Affected Version From: 1.8.10
Affected Version To: Prior versions
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Claroline Multiple Input-Validation Vulnerabilities
Claroline is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities and a remote URI-redirection vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and redirect users to an attacker-controlled site; this may aid in phishing-style attacks.
Mitigation:
Users should upgrade to the latest version of Claroline.