Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.5 views

CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...

5.4CVSS7.1AI score0.00609EPSS
Exploits1References1
OSV
OSV
added 2022/08/25 5:15 p.m.11 views

CVE-2022-37161

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

6.1CVSS6AI score
Exploits0References1
NVD
NVD
added 2022/08/25 5:15 p.m.17 views

CVE-2022-37161

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

6.1CVSS0.0055EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/25 5:15 p.m.5 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4CVSS6.1AI score0.0053EPSS
Exploits1References2
OSV
OSV
added 2022/08/25 5:15 p.m.18 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4CVSS6AI score
Exploits0References1
Prion
Prion
added 2022/08/25 5:15 p.m.16 views

Cross site scripting

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

5.8CVSS6AI score0.0055EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/08/25 5:15 p.m.18 views

Cross site scripting

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

4.9CVSS5.2AI score0.0053EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/25 4:29 p.m.26 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4AI score0.0053EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/08/25 4:21 p.m.22 views

CVE-2022-37161

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

6.2AI score0.0055EPSS
Exploits1References1
Rows per page
Query Builder