Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-3315
Last Modified 07 Mar 2011 10:10:35
Published 25 Jul 2008 12:41:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3315

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.

Vulnerable Systems

Application

  • Claroline 1.8.10


References

BID - 30346

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=615030

XF - claroline-courselog-toolaccess-xss(43962)

VUPEN - ADV-2008-2167

BUGTRAQ - 20080722 [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities

CONFIRM - http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.10_and_1.8.11

SREASON - 4041

SECUNIA - 31201


Last Updated: 27 May 2016 10:48:09