Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via 1 the Search field in an inbox action to messaging/messagebox.php, 2 the "First name" field to auth/profile.php, or 3 the Speakers field in...