CVE-2008-3260
Published 2008-07-22
Priority P4 · 24 · medium · CVSS 2.0 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 4.63% (90.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| claroline | claroline | <= 1.8.9 | — |
No detection rules found.
Exploit-DB
Claroline 1.8.9 - 'phpBB/reply.php' Cross-Site Scripting
exploitdb·2008-07-15
---
source: https://www.securityfocus.com/bid/30269/info
Claroline is prone to multiple input-validation vulnerabilities:
1. Multiple cross-site scripting vulnerabilities.
2. A remote URI-redirection vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and redirect users to an attacker-controlled site; this may aid in phishing-style attacks.
Versions prior to Claroline 1.8.10 are vulnerable.
http://www.example.com/claroline/phpbb/reply.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'course/index.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/course/index.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - '/phpBB/newtopic.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/phpbb/newtopic.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'document/document.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/document/document.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'calendar/agenda.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/calendar/agenda.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'course_description/index.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/course_description/index.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'phpBB/viewtopic.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/phpbb/viewtopic.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'wiki/wiki.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/wiki/wiki.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'exercise/exercise.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/exercise/exercise.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'group/group_space.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/group/group_space.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'announcements/announcements.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/announcements/announcements.php?">alert('DSecRGXSS')
Exploit-DB
Claroline 1.8.9 - 'work/work.php' Cross-Site Scripting
exploitdb·2008-07-15
http://www.example.com/claroline/work/work.php?">alert('DSecRGXSS')
No writeups or analysis indexed.
http://claroline.svn.sourceforge.net/viewrc/claroline/branches/1.8/claroline/?sortby=date#dirlist
http://secunia.com/advisories/31116
http://securityreason.com/securityalert/4020
http://sourceforge.net/project/shownotes.php?release_id=613634
http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10
http://www.securityfocus.com/archive/1/494539/100/0/threaded
http://www.securityfocus.com/bid/30269
https://exchange.xforce.ibmcloud.com/vulnerabilities/43854