Unknown
CVE-2008-3260
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- claroline,
- claroline 1.2,
- claroline 1.3,
- claroline 1.4,
- claroline 1.5,
- claroline 1.5.3,
- claroline 1.5.4,
- claroline 1.6,
- claroline 1.6 beta,
- claroline 1.6 rc1,
- claroline 1.7,
- claroline 1.7.1,
- claroline 1.7.2,
- claroline 1.7.3,
- claroline 1.7.4,
- claroline 1.7.5,
- claroline 1.7.6,
- claroline 1.7.7,
- claroline 1.8.0,
- claroline 1.8.1,
- claroline 1.8.2,
- claroline 1.8.3,
- claroline 1.8.4,
- claroline 1.8.5,
- claroline 1.8.6,
- claroline 1.8.7,
- claroline 1.8.8
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
