Claroline Security Vulnerabilities and Issues — Claroline CVE List

Lucene search

ClarolineClaroline

4 matches found

CVE•added 2008/07/25 4:41 p.m.•46 views

CVE-2008-3315

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) le...

4.3CVSS5.8AI score0.02567EPSS

Web

CVE•added 2008/07/22 5:41 p.m.•43 views

CVE-2008-3261

Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

4.3CVSS6.7AI score0.06039EPSS

Web

CVE•added 2008/07/22 5:41 p.m.•32 views

CVE-2008-3260

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, ...

4.3CVSS5.8AI score0.02008EPSS

Web

CVE•added 2008/07/22 5:41 p.m.•32 views

CVE-2008-3262

Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.

5.8CVSS6.9AI score0.00312EPSS