Description
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
Remediation
References
Related Vulnerabilities
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-2397)
WordPress Plugin Postman SMTP Mailer/Email Log Cross-Site Scripting (2.0.0)
PHP Out-of-bounds Read Vulnerability (CVE-2017-12933)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1)