Lucene search
K

357 matches found

NVD
NVD
added 2022/08/25 5:15 p.m.21 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4CVSS0.0053EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/25 5:15 p.m.6 views

CVE-2022-37161

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

6.1CVSS6.4AI score0.0055EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/25 5:15 p.m.4 views

CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...

5.4CVSS6.6AI score0.00609EPSS
Exploits1References2
NVD
NVD
added 2022/08/25 5:15 p.m.17 views

CVE-2022-37159

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload...

9.8CVSS0.24903EPSS
Exploits1References1
NVD
NVD
added 2022/08/25 5:15 p.m.17 views

CVE-2022-37161

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

6.1CVSS0.0055EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/25 5:15 p.m.4 views

CVE-2022-37159

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload...

9.8CVSS7.8AI score0.24903EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/25 5:15 p.m.6 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4CVSS6.1AI score0.0053EPSS
Exploits1References2
Prion
Prion
added 2022/08/25 5:15 p.m.19 views

Cross site scripting

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

4.9CVSS5.2AI score0.0053EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/08/25 5:15 p.m.16 views

Cross site scripting

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

5.8CVSS6AI score0.0055EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/08/25 4:29 p.m.363 views

CVE-2022-37160

CVE-2022-37160 affects Claroline 13.5.7 and earlier. Affected component: the combination of an XSS vulnerability in several upload forms and a JavaScript request to the API enables an authenticated attacker to create a user with administrative privileges by opening an SVG file as an administrator...

5.4CVSS5.2AI score0.0053EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/25 4:29 p.m.27 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4AI score0.0053EPSS
Exploits1References1
OSV
OSV
added 2022/08/25 4:29 p.m.19 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4CVSS6AI score0.0053EPSS
Exploits1References3
CVE
CVE
added 2022/08/25 4:26 p.m.58 views

CVE-2022-37159

CVE-2022-37159 affects Claroline 13.5.7 and earlier. The vulnerability is Remote Code Execution through arbitrary file upload, arising from insecure file upload handling. The NVD/Red Hat/etc. entries annotate a critical impact (CVSS 3.1: 9.8) with network attack, no user interaction, and high imp...

9.8CVSS9.7AI score0.24903EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/25 4:26 p.m.23 views

CVE-2022-37159

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload...

9.9AI score0.24903EPSS
Exploits1References1
CVE
CVE
added 2022/08/25 4:21 p.m.53 views

CVE-2022-37161

CVE-2022-37161 affects Claroline Open Source LMS (version

6.1CVSS6AI score0.0055EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/25 4:21 p.m.23 views

CVE-2022-37161

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

6.2AI score0.0055EPSS
Exploits1References1
OSV
OSV
added 2022/08/25 4:21 p.m.12 views

CVE-2022-37161

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS via SVG file upload...

6.1CVSS6AI score0.0055EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/08/25 4:19 p.m.24 views

CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...

6AI score0.00609EPSS
Exploits1References1
CVE
CVE
added 2022/08/25 4:19 p.m.58 views

CVE-2022-37162

Claroline 13.5.7 and earlier are affected by a stored Cross Site Scripting (XSS) vulnerability in the calendar event Location field, allowing an attacker to inject JavaScript and achieve code execution in the user’s browser. The issue is documented across multiple sources (NVD/Red Hat/CVE registr...

5.4CVSS5.7AI score0.00609EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/08/25 4:19 p.m.10 views

CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...

5.4CVSS6.9AI score0.00609EPSS
Exploits1References3
Rows per page
Query Builder