Claroline 10.0.0 Security Vulnerabilities
Claroline 13.5.7 and prior is vulnerable to remote code execution via arbitrary file upload.
CVSS Score: 9.8 | EPSS Score: 0.318 | Published: 2022-08-25
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms with a JavaScript request to the existing API, it is possible to trigger the creation of a user with administrative rights when an administrator opens an SVG file.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-08-25
Claroline 13.5.7 and prior is vulnerable to cross-site scripting (XSS) via SVG file upload.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-08-25
Claroline 13.5.7 and prior is vulnerable to cross-site scripting (XSS). An attacker can obtain JavaScript code execution by adding arbitrary JavaScript code in the 'Location' field of a calendar event.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-08-25

