Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
claroline claroline 1.8.3 |