Claroline Prior to 1.8.10 Multiple Input Validation Vulnerabilities

Bugtraq ID:	30269
Class:	Input Validation Error
CVE:	CVE-2008-3261 CVE-2008-3260
Remote:	Yes
Local:	No
Published:	Jul 15 2008 12:00AM
Updated:	Jul 05 2016 10:01PM
Credit:	Digital Security Research Group
Vulnerable:	Claroline Claroline 1.8.9
Not Vulnerable:	Claroline Claroline 1.8.10

Claroline Prior to 1.8.10 Multiple Input Validation Vulnerabilities

Claroline is prone to multiple input-validation vulnerabilities:

1. Multiple cross-site scripting vulnerabilities.
2. A remote URI-redirection vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and redirect users to an attacker-controlled site; this may aid in phishing-style attacks.

Versions prior to Claroline 1.8.10 are vulnerable.

Claroline Prior to 1.8.10 Multiple Input Validation Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting to follow a malicious URI.

The following proof-of-concept URIs are available:

• /data/vulnerabilities/exploits/30269.html

Claroline Prior to 1.8.10 Multiple Input Validation Vulnerabilities

Solution:
The vendor has released updates. Please see the references for more information.

Claroline Prior to 1.8.10 Multiple Input Validation Vulnerabilities

References:

• Claroline Homepage (Claroline)
  
• Claroline Project Page (Claroline)
  
• Claroline Release Notes (Claroline)
  
• [DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities (Digital Security Research Group \[DSecRG\] )