ID: OSVDB:16528 | Type: osvdb | Reporter: Sieg Fried (Siegfried@zone-h.org) | Modified: 2005-04-27T08:26:58
Description
Vulnerability Description
Claroline contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the learningPath.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Upgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Claroline contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the learningPath.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
{"type": "osvdb", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16528", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 6.8}, "viewCount": 1, "edition": 1, "reporter": "Sieg Fried(Siegfried@zone-h.org)", "title": "Claroline learningPath.php XSS", "affectedSoftware": [{"operator": "eq", "version": "1.5.3", "name": "Claroline"}, {"operator": "eq", "version": "1.6 Release Candidate 1", "name": "Claroline"}, {"operator": "eq", "version": "1.6 beta", "name": "Claroline"}], "enchantments": {"score": {"value": 5.3, "vector": "NONE", "modified": "2017-04-28T13:20:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1374"]}, {"type": "osvdb", "idList": ["OSVDB:16523", "OSVDB:16525", "OSVDB:16529", "OSVDB:16521", "OSVDB:16524", "OSVDB:16520", "OSVDB:16522", "OSVDB:16526", "OSVDB:16527"]}, {"type": "exploitdb", "idList": ["EDB-ID:25549", "EDB-ID:25550", "EDB-ID:25551"]}, {"type": "nessus", "idList": ["CLAROLINE_MULT_VULNS.NASL"]}], "modified": "2017-04-28T13:20:12", "rev": 2}, "vulnersScore": 5.3}, "references": [], "id": "OSVDB:16528", "lastseen": "2017-04-28T13:20:12", "cvelist": ["CVE-2005-1374"], "modified": "2005-04-27T08:26:58", "description": "## Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the learningPath.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the learningPath.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16521](https://vulners.com/osvdb/OSVDB:16521)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n"}
{"cve": [{"lastseen": "2020-10-03T11:34:54", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.", "edition": 3, "cvss3": {}, "published": "2005-05-03T04:00:00", "title": "CVE-2005-1374", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1374"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:claroline:claroline:1.6_rc1", "cpe:/a:claroline:claroline:1.6_beta", "cpe:/a:claroline:claroline:1.5.3"], "id": "CVE-2005-1374", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1374", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. 
This flaw exists because the application does not validate unspecified variables upon submission to the agenda.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the agenda.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16521](https://vulners.com/osvdb/OSVDB:16521)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory 
URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16523", "id": "OSVDB:16523", "type": "osvdb", "title": "Claroline agenda.php XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'data' variable upon submission to the user_access_details.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'data' variable upon submission to the user_access_details.php script. 
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\n/claroline/tracking/user_access_details.php?cmd=doc&data=%3Cscript%3Ealert('xss');%3C/script%3E\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16521](https://vulners.com/osvdb/OSVDB:16521)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16524", "id": "OSVDB:16524", "type": "osvdb", "title": "Claroline user_access_details.php data Variable XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tool' variable upon submission to the toolaccess_details.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tool' variable upon submission to the toolaccess_details.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\n/claroline/tracking/toolaccess_details.php?tool=%3Cscript%3Ealert('xss');%3C/script%3E\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 
16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16521](https://vulners.com/osvdb/OSVDB:16521)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16525", "id": "OSVDB:16525", "type": "osvdb", "title": "Claroline toolaccess_details.php tool Variable XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the learningPathList.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the learningPathList.php script. 
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16521](https://vulners.com/osvdb/OSVDB:16521)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16526", "id": "OSVDB:16526", "type": "osvdb", "title": "Claroline learningPathList.php XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## 
Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the learningPathAdmin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the learningPathAdmin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 
16521](https://vulners.com/osvdb/OSVDB:16521)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16527", "id": "OSVDB:16527", "type": "osvdb", "title": "Claroline learningPathAdmin.php XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the userLog.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the userLog.php script. 
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16521](https://vulners.com/osvdb/OSVDB:16521)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16529", "id": "OSVDB:16529", "type": "osvdb", "title": "Claroline userLog.php XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## Vulnerability 
Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the exercise_result.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the exercise_result.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 
16521](https://vulners.com/osvdb/OSVDB:16521)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16520", "id": "OSVDB:16520", "type": "osvdb", "title": "Claroline exercise_result.php XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'coursePath' variable upon submission to the myagenda.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'coursePath' variable upon submission to the myagenda.php script. 
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\n/claroline/calendar/myagenda.php?coursePath=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16521](https://vulners.com/osvdb/OSVDB:16521)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16522", "id": "OSVDB:16522", "type": "osvdb", "title": "Claroline myagenda.php coursePath Variable XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1374"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the exercice_submit.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the exercice_submit.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16523](https://vulners.com/osvdb/OSVDB:16523)\n[Related OSVDB ID: 16525](https://vulners.com/osvdb/OSVDB:16525)\n[Related OSVDB ID: 16527](https://vulners.com/osvdb/OSVDB:16527)\n[Related OSVDB ID: 16529](https://vulners.com/osvdb/OSVDB:16529)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16526](https://vulners.com/osvdb/OSVDB:16526)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 
16524](https://vulners.com/osvdb/OSVDB:16524)\n[Related OSVDB ID: 16528](https://vulners.com/osvdb/OSVDB:16528)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16522](https://vulners.com/osvdb/OSVDB:16522)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20295\n[CVE-2005-1374](https://vulners.com/cve/CVE-2005-1374)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16521", "id": "OSVDB:16521", "type": "osvdb", "title": "Claroline exercice_submit.php XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T01:37:28", "description": "Claroline 1.5/1.6 toolaccess_details.php tool Parameter XSS. CVE-2005-1374. Webapps exploit for php platform", "published": "2005-04-27T00:00:00", "type": "exploitdb", "title": "Claroline 1.5/1.6 toolaccess_details.php tool Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-1374"], "modified": "2005-04-27T00:00:00", "id": "EDB-ID:25549", "href": "https://www.exploit-db.com/exploits/25549/", "sourceData": "source: http://www.securityfocus.com/bid/13407/info\r\n\r\nMultiple remote input validation vulnerabilities affect Claroline e-Learning Application. 
These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content.\r\n\r\nMultiple cross-site scripting, SQL injection, directory traversal, and remote file include vulnerabilities have been reported.\r\n\r\nAn attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privileges of an affected Web server. This may facilitate the theft of sensitive information, potentially including authentication credentials, data corruption, and a compromise of the affected computer.\r\n\r\n**Update: Dokeos, which is based on claroline source code, is also prone to come of these issues. \r\n\r\nhttp:///www.example.com/claroline/tracking/toolaccess_details.php?tool=%3Cscript%3Ealert('xss');%3C/script%3E", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25549/"}, {"lastseen": "2016-02-03T01:37:36", "description": "Claroline 1.5/1.6 user_access_details.php data Parameter XSS. CVE-2005-1374. Webapps exploit for php platform", "published": "2005-04-27T00:00:00", "type": "exploitdb", "title": "Claroline 1.5/1.6 user_access_details.php data Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-1374"], "modified": "2005-04-27T00:00:00", "id": "EDB-ID:25550", "href": "https://www.exploit-db.com/exploits/25550/", "sourceData": "source: http://www.securityfocus.com/bid/13407/info\r\n \r\nMultiple remote input validation vulnerabilities affect Claroline e-Learning Application. 
These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content.\r\n \r\nMultiple cross-site scripting, SQL injection, directory traversal, and remote file include vulnerabilities have been reported.\r\n \r\nAn attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privileges of an affected Web server. This may facilitate the theft of sensitive information, potentially including authentication credentials, data corruption, and a compromise of the affected computer.\r\n \r\n**Update: Dokeos, which is based on claroline source code, is also prone to come of these issues. \r\n\r\nhttp:///www.example.com/claroline/tracking/user_access_details.php?cmd=doc&data=%3Cscript%3Ealert('xss');%3C/script%3E", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25550/"}, {"lastseen": "2016-02-03T01:37:44", "description": "Claroline 1.5/1.6 myagenda.php coursePath Parameter XSS. CVE-2005-1374. Webapps exploit for php platform", "published": "2005-04-27T00:00:00", "type": "exploitdb", "title": "Claroline 1.5/1.6 myagenda.php coursePath Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-1374"], "modified": "2005-04-27T00:00:00", "id": "EDB-ID:25551", "href": "https://www.exploit-db.com/exploits/25551/", "sourceData": "source: http://www.securityfocus.com/bid/13407/info\r\n \r\nMultiple remote input validation vulnerabilities affect Claroline e-Learning Application. 
These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content.\r\n \r\nMultiple cross-site scripting, SQL injection, directory traversal, and remote file include vulnerabilities have been reported.\r\n \r\nAn attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privileges of an affected Web server. This may facilitate the theft of sensitive information, potentially including authentication credentials, data corruption, and a compromise of the affected computer.\r\n \r\n**Update: Dokeos, which is based on claroline source code, is also prone to come of these issues. \r\n\r\nhttp:///www.example.com/claroline/calendar/myagenda.php?coursePath=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25551/"}], "nessus": [{"lastseen": "2021-01-01T01:33:54", "description": "The version of Claroline (an open source, collaborative learning\nenvironment) installed on the remote host suffers from a number of\nremotely-exploitable vulnerabilities, including:\n\n - Multiple Remote File Include Vulnerabilities\n Four scripts let an attacker read arbitrary files on the \n remote host and possibly even run arbitrary PHP code, \n subject to the privileges of the web server user.\n\n - Multiple SQL Injection Vulnerabilities\n Seven scripts let an attacker inject arbitrary input\n into SQL statements, potentially revealing sensitive\n data or altering them.\n\n - Multiple Cross-Site Scripting Vulnerabilities\n An attacker can pass arbitrary HTML and script code\n through any of 10 flawed scripts and potentially have\n that 
code executed by a user's browser in the context \n of the affected website.\n\n - Multiple Directory Traversal Vulnerabilities\n By exploiting flaws in 'claroline/document/document.php' \n and 'claroline/learnPath/insertMyDoc.php', project leaders\n (teachers) are able to upload files to arbitrary folders \n or copy/move/delete (then view) files of arbitrary folders.", "edition": 23, "published": "2005-04-29T00:00:00", "title": "Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1376", "CVE-2005-1375", "CVE-2005-1377", "CVE-2005-1374"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "CLAROLINE_MULT_VULNS.NASL", "href": "https://www.tenable.com/plugins/nessus/18165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18165);\n script_version(\"1.21\");\n\n script_cve_id(\n \"CVE-2005-1374\", \n \"CVE-2005-1375\", \n \"CVE-2005-1376\", \n \"CVE-2005-1377\"\n );\n script_bugtraq_id(13407);\n\n script_name(english:\"Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is prone to a\nvariety of attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Claroline (an open source, collaborative learning\nenvironment) installed on the remote host suffers from a number of\nremotely-exploitable vulnerabilities, including:\n\n - Multiple Remote File Include Vulnerabilities\n Four scripts let an attacker read arbitrary files on the \n remote host and possibly even run arbitrary PHP code, \n subject to the privileges of the web server user.\n\n - Multiple SQL Injection Vulnerabilities\n Seven scripts let an attacker inject arbitrary input\n into SQL statements, potentially revealing sensitive\n data or altering them.\n\n - Multiple 
Cross-Site Scripting Vulnerabilities\n An attacker can pass arbitrary HTML and script code\n through any of 10 flawed scripts and potentially have\n that code executed by a user's browser in the context \n of the affected website.\n\n - Multiple Directory Traversal Vulnerabilities\n By exploiting flaws in 'claroline/document/document.php' \n and 'claroline/learnPath/insertMyDoc.php', project leaders\n (teachers) are able to upload files to arbitrary folders \n or copy/move/delete (then view) files of arbitrary folders.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d5e500e\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Claroline version 1.5.4 / 1.6.0 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/04/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/04/27\");\n script_cvs_date(\"Date: 2018/06/13 18:56:26\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for multiple input validation vulnerabilities in Claroline < 1.5.4 / 1.6.0\";\n\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"claroline_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n 
script_require_keys(\"www/claroline\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80, embedded: 0);\nif (!can_host_php(port:port)) exit(0);\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/claroline\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches))\n{\n dir = matches[2];\n\n # Check for the vulnerability by trying to grab a file.\n r = http_send_recv3(method:\"GET\", port: port,\n item:string(\n dir, \"/claroline/inc/claro_init_header.inc.php?\",\n \"includePath=/etc/passwd%00\"));\n if (isnull(r)) exit(0);\n res = r[2];\n\n # It's a problem if there's an entry for root.\n if (egrep(string:res, pattern:\"root:.+:0:\")) {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}