Description

Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

Remediation

References

CVE-2009-1907

Related Vulnerabilities

Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212)

WordPress Plugin Catch Import Export Security Bypass (1.8)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)

WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)

Mailman Other Vulnerability (CVE-2006-0052)

Severity

Medium

Classification

CVE-2009-1907 CWE-707

Tags

Missing Update Known Vulnerabilities