certfr_avis - certa-2006-avi-258

CERTA-2006-AVI-258

Vulnerability from certfr_avis

None

Description

De multiples vulnérabilités de type cross site scripting ont été découvertes dans Claroline.

Solution

Appliquer le correctif de l'éditeur (voir Documentation).

Claroline versions 1.7.7 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Forum de Claroline	None	vendor-advisory
Correctif 17701 :	-	other
Avis sur le forum de Claroline :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eClaroline versions 1.7.7 et ant\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s de type cross site scripting ont \u00e9t\u00e9\nd\u00e9couvertes dans Claroline.\n\n## Solution\n\nAppliquer le correctif de l\u0027\u00e9diteur (voir Documentation).\n",
  "cves": [],
  "initial_release_date": "2006-06-27T00:00:00",
  "last_revision_date": "2006-06-27T00:00:00",
  "links": [
    {
      "title": "Correctif 17701 :",
      "url": "http://www.claroline.net/dlarea/claroline.patch17701.zip"
    },
    {
      "title": "Avis sur le forum de Claroline :",
      "url": "http://www.claroline.net/forum/viewtopic.php?t=6198"
    }
  ],
  "reference": "CERTA-2006-AVI-258",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Claroline",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Forum de Claroline",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted