Claroline Cross-Site Scripting Vulnerabilities

2006-06-28 / 2006-06-29

Credit: bug (at) securitynews (dot) ir

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-3257

CWE: CWE-Other

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

------------------------------------------------------------------
[#] Security Advisory
[^] http://securitynews.ir/
[>] Advisory Title: Claroline Cross-Site Scripting Vulnerabilities
[@] Author : bug [@] securitynews.ir
[$] Product Vendor : http://www.claroline.net/
[.] Affected Versions : 1.7.7 (and maybe before)
[/] Release Date : 06/26/2006
------------------------------------------------------------------
[*] Overview :
Claroline is a free application based on PHP/MySQL allowing
teachers or education organizations to create and administrate
courses through the web .
Several cross-site scripting bugs have been found in
Claroline 1.7.7 .
[*] Details :
No exploitable details are going to be released .
[*] Solution :
Vendor contacted on 06/25/2006. The vendor has been released
a security patch :
http://www.claroline.net/dlarea/claroline.patch17701.zip
------------------------------
http://securitynews.ir/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Claroline Cross-Site Scripting Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.