0.001 Low
EPSS
Percentile
23.5%
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the βLocationβ field of a calendar event.