Description

Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.

Remediation

References

CVE-2006-1595

Related Vulnerabilities

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-2397)

WordPress Plugin Postman SMTP Mailer/Email Log Cross-Site Scripting (2.0.0)

PHP Out-of-bounds Read Vulnerability (CVE-2017-12933)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)

WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1)

Severity

Medium

Classification

CVE-2006-1595

Tags

Missing Update Known Vulnerabilities