Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2013-6267

Disclosure Date: December 05, 2013 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php.
0
0
Attacker Value
Unknown

CVE-2011-3716

Disclosure Date: September 23, 2011 (last updated October 04, 2023)
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
0
0