Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php.

Remediation

References

CVE-2013-6267

Related Vulnerabilities

Joomla Missing Authentication for Critical Function Vulnerability (CVE-2019-10946)

XWiki Missing Authorization Vulnerability (CVE-2022-41937)

MySQL CVE-2023-22064 Vulnerability (CVE-2023-22064)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4921)

MySQL CVE-2019-2580 Vulnerability (CVE-2019-2580)

Severity

Medium

Classification

CVE-2013-6267 CWE-707

Tags

Missing Update Known Vulnerabilities