Description

Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.

Remediation

References

CVE-2006-1595

Related Vulnerabilities

Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2019-12855)

PHP Improper Input Validation Vulnerability (CVE-2008-7068)

WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting Vulnerabilities (2.4.1)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-37270)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1157)

Severity

Medium

Classification

CVE-2006-1595

Tags

Missing Update Known Vulnerabilities