BID:30346

Claroline Prior to 1.8.11 Multiple Cross-Site Scripting Vulnerabilities

Info

Claroline Prior to 1.8.11 Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	30346
Class:	Input Validation Error
CVE:	CVE-2008-3315
Remote:	Yes
Local:	No
Published:	Jul 22 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	Digital Security Research Group [DSecRG]
Vulnerable:	Claroline Claroline 1.8.10 Claroline Claroline 1.8.9 Claroline Claroline 1.8.8 Claroline Claroline 1.8.7 Claroline Claroline 1.8.6 Claroline Claroline 1.8.5 Claroline Claroline 1.8.4 Claroline Claroline 1.8.3 Claroline Claroline 1.8.2 Claroline Claroline 1.8.1 Claroline Claroline 1.8 rc1 Claroline Claroline 1.8

Not Vulnerable:	Claroline Claroline 1.8.11

Discussion

Claroline Prior to 1.8.11 Multiple Cross-Site Scripting Vulnerabilities

Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Claroline 1.8.11 are vulnerable.

Exploit / POC

Claroline Prior to 1.8.11 Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The following example URIs are available:

/data/vulnerabilities/exploits/30346.html

Solution / Fix

Claroline Prior to 1.8.11 Multiple Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released Claroline 1.8.11. Please see the references for more information.

Claroline Claroline 1.8