TUCoPS :: Web :: Apps :: b06-3264.htm

Claroline Cross-Site Scripting Vulnerabilities
Claroline Cross-Site Scripting Vulnerabilities
Claroline Cross-Site Scripting Vulnerabilities



------------------------------------------------------------------
[#] Security Advisory
[^] http://securitynews.ir/ 

[>] Advisory Title: Claroline Cross-Site Scripting Vulnerabilities
[@] Author : bug [@] securitynews.ir
[$] Product Vendor : http://www.claroline.net/ 
[.] Affected Versions : 1.7.7 (and maybe before)
[/] Release Date : 06/26/2006
------------------------------------------------------------------
[*] Overview :
Claroline is a free application based on PHP/MySQL allowing 
teachers or education organizations to create and administrate 
courses through the web .
Several cross-site scripting bugs have been found in 
Claroline 1.7.7 .

[*] Details :
No exploitable details are going to be released .

[*] Solution :
Vendor contacted on 06/25/2006. The vendor has been released
a security patch :
http://www.claroline.net/dlarea/claroline.patch17701.zip 

------------------------------
http://securitynews.ir/ 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH