Description

Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

Remediation

References

CVE-2009-1907

Related Vulnerabilities

MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20756)

Oracle Database Server Other Vulnerability (CVE-2003-0727)

WordPress 3.3.1 Multiple Vulnerabilities (2.0 - 3.3.1)

Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10910)

WordPress Plugin Data Tables Generator by Supsystic Cross-Site Scripting (1.10.0)

Severity

Medium

Classification

CVE-2009-1907 CWE-707

Tags

Missing Update Known Vulnerabilities