Description
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3092)
WordPress Plugin Ultimate Gift Cards For WooCommerce Cross-Site Request Forgery (2.1.1)
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)
WordPress Plugin Gmedia Photo Gallery Multiple Cross-Site Scripting Vulnerabilities (1.18.4)