15 matches found
CVE-2022-37162
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain JavaScript code execution by adding arbitrary JavaScript code in the 'Location' field of a calendar event...
PT-2024-10209
Name of the Vulnerable Software and Affected Versions: Next.js versions 13.0.0 through 13.5.7; Next.js versions 14.0.0 through 14.2.20; Next.js versions 15.0.0 through 15.1.1. Description: The issue is related to an unbounded resource allocation in Next.js, which can be exploited to cause a denial of...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a JavaScript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a JavaScript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
CVE-2022-37159
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
Cross site scripting
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a JavaScript request to the present API, it is possible to trigger the creation of a user with...
Cross site scripting
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a JavaScript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37159
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
CVE-2022-37162
Claroline 13.5.7 and earlier are affected by a stored Cross Site Scripting (XSS) vulnerability in the calendar event Location field, allowing an attacker to inject JavaScript and achieve code execution in the user’s browser. The issue is documented across multiple sources (NVD/Red Hat/CVE registr...
Claroline cross-site scripting vulnerability
Claroline is an open source learning management system from Claroline Open Source. A security vulnerability exists in Claroline version 13.5.7 and earlier versions, which stems from a cross-site scripting (XSS) attack via SVG file uploads...
PT-2022-23848 · Claroline · Claroline
Name of the Vulnerable Software and Affected Versions: Claroline versions 13.5.7 and prior Description: The issue allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. This can be achieved by combining an XSS vulnerability present in several uploa...