3 matches found
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37160
CVE-2022-37160 affects Claroline 13.5.7 and earlier. Affected component: the combination of an XSS vulnerability in several upload forms and a JavaScript request to the API enables an authenticated attacker to create a user with administrative privileges by opening an SVG file as an administrator...