Skip to main content

Claroline

6 CVEs product

Monthly

CVE-2022-37162 MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Claroline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37161 MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Claroline
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37160 MEDIUM POC This Month

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Claroline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37159 CRITICAL POC THREAT Act Now

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Claroline
NVD GitHub
CVSS 3.1
9.8
EPSS
24.9%
CVE-2013-4753 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Claroline
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6267 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Claroline
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Claroline
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Claroline
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Claroline
NVD GitHub
EPSS 25% CVSS 9.8
CRITICAL POC THREAT Act Now

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Claroline
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Claroline
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Claroline
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy