357 matches found
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...
CVE-2022-37162
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...
CVE-2022-37159
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...
CVE-2022-37159
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
Cross site scripting
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
Cross site scripting
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...
CVE-2022-37160
CVE-2022-37160 affects Claroline 13.5.7 and earlier. Affected component: the combination of an XSS vulnerability in several upload forms and a JavaScript request to the API enables an authenticated attacker to create a user with administrative privileges by opening an SVG file as an administrator...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37159
CVE-2022-37159 affects Claroline 13.5.7 and earlier. The vulnerability is Remote Code Execution through arbitrary file upload, arising from insecure file upload handling. The NVD/Red Hat/etc. entries annotate a critical impact (CVSS 3.1: 9.8) with network attack, no user interaction, and high imp...
CVE-2022-37159
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload...
CVE-2022-37161
CVE-2022-37161 affects Claroline Open Source LMS (version
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...
CVE-2022-37162
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...
CVE-2022-37162
Claroline 13.5.7 and earlier are affected by a stored Cross Site Scripting (XSS) vulnerability in the calendar event Location field, allowing an attacker to inject JavaScript and achieve code execution in the user’s browser. The issue is documented across multiple sources (NVD/Red Hat/CVE registr...
CVE-2022-37162
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...