Description
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
Remediation
References
Related Vulnerabilities
OpenSSL Cryptographic Issues Vulnerability (CVE-2009-3555)
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.7)
MySQL CVE-2015-4816 Vulnerability (CVE-2015-4816)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.24)
Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-26048)