9 matches found
CVE-2022-37162
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
Cross site scripting
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...
Cross site scripting
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...