CVE-2007-4717
Published 2007-09-05
Priority: P4 · 14 · low
CVSS 2.0: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
EXPLOIT
EPSS: 3.11% (86.1th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| claroline | claroline | <= 1.8.5 | — |
No detection rules found.
Exploit-DB
Claroline 1.x - '/admin/campusProblem.php?view' Cross-Site Scripting
exploitdb·2007-09-03
---
source: https://www.securityfocus.com/bid/25521/info
Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities.
An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which may aid in further attacks. The attacker may also be able to execute arbitrary code in the context of the webserver. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Claroline 1.8.6 are vulnerable.
http://www.example.com/admin/campusProblem.php?view=[XSS]
Exploit-DB
Claroline 1.x - '/admin/advancedUserSearch.php?action' Cross-Site Scripting
exploitdb·2007-09-03
---
source: https://www.securityfocus.com/bid/25521/info
Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities.
An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which may aid in further attacks. The attacker may also be able to execute arbitrary code in the context of the webserver. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Claroline 1.8.6 are vulnerable.
http://www.example.com/admin/advancedUserSearch.php?action=[XSS]
Exploit-DB
Claroline 1.x - '/admin/adminusers.php?dir' Cross-Site Scripting
exploitdb·2007-09-03
---
source: https://www.securityfocus.com/bid/25521/info
Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities.
An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which may aid in further attacks. The attacker may also be able to execute arbitrary code in the context of the webserver. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Claroline 1.8.6 are vulnerable.
http://www.example.com/admin/adminusers.php?dir=[XSS]
http://www.example.com/admin/adminusers.php?sort=[XSS]
No writeups or analysis indexed.
http://osvdb.org/38925
http://osvdb.org/38926
http://osvdb.org/38927
http://secunia.com/advisories/26685
http://www.claroline.net/forum/viewtopic.php?t=13448
http://www.claroline.net/wiki/index.php/Changelog_1.8.x#Security
http://www.securityfocus.com/bid/25521
http://www.vupen.com/english/advisories/2007/3045