CVE-2005-1374
Published 2005-05-03
CVE-2005-1374: Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject…
Priority P425·medium·6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.86% (90.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| claroline | claroline | — | — |
| claroline | claroline | — | — |
| claroline | claroline | — | — |
| claroline | claroline | — | — |
CVSS provenance
nvd·v2.0·6.8 MEDIUM·AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat·10.0 CRITICAL
GHSA
GHSA-xqxx-r4pj-7cv5: Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2008-3315 [MEDIUM] CWE-79 GHSA-xqxx-r4pj-7cv5: Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
GHSA
GHSA-c2jc-qcxf-rg39: Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1
ghsa_unreviewed·2022-05-01
CVE-2005-1374 [MEDIUM] GHSA-c2jc-qcxf-rg39: Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
Red Hat
cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
vendor_redhat·2008-04-01·CVSS 10.0
CVE-2008-1374 [CRITICAL] cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
No detection rules found.
Exploit-DB
Claroline 1.5/1.6 - 'user_access_details.php?data' Cross-Site Scripting
exploitdb·2005-04-27
CVE-2005-1374 Claroline 1.5/1.6 - 'user_access_details.php?data' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/13407/info
Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content.
Multiple cross-site scripting, SQL injection, directory traversal, and remote file include vulnerabilities have been reported.
An attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privil
Exploit-DB
Claroline 1.5/1.6 - 'toolaccess_details.php?tool' Cross-Site Scripting
exploitdb·2005-04-27
CVE-2005-1374 Claroline 1.5/1.6 - 'toolaccess_details.php?tool' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/13407/info
Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content.
Multiple cross-site scripting, SQL injection, directory traversal, and remote file include vulnerabilities have been reported.
An attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privile
Exploit-DB
Claroline 1.5/1.6 - 'myagenda.php?coursePath' Cross-Site Scripting
exploitdb·2005-04-27
CVE-2005-1374 Claroline 1.5/1.6 - 'myagenda.php?coursePath' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/13407/info
Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content.
Multiple cross-site scripting, SQL injection, directory traversal, and remote file include vulnerabilities have been reported.
An attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privileges
References
http://marc.info/?l=bugtraq&m=111464607103407&w=2
http://secunia.com/advisories/15161
http://secunia.com/advisories/15725
http://securitytracker.com/id?1013822
http://www.claroline.net/news.php#85
http://www.securityfocus.com/bid/13407
https://exchange.xforce.ibmcloud.com/vulnerabilities/20295