2 matches found
CVE-2022-37162
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...
CVE-2022-37162
Claroline 13.5.7 and earlier are affected by a stored Cross Site Scripting (XSS) vulnerability in the calendar event Location field, allowing an attacker to inject JavaScript and achieve code execution in the user’s browser. The issue is documented across multiple sources (NVD/Red Hat/CVE registr...