Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via .. sequences in the file parameter in a rqEditHtml command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Claroline | Claroline | * | 1.7.4 (including) |
Claroline | Claroline | 1.5 (including) | 1.5 (including) |
Claroline | Claroline | 1.5.3 (including) | 1.5.3 (including) |
Claroline | Claroline | 1.5.4 (including) | 1.5.4 (including) |
Claroline | Claroline | 1.6 (including) | 1.6 (including) |
Claroline | Claroline | 1.6_beta (including) | 1.6_beta (including) |
Claroline | Claroline | 1.6_rc1 (including) | 1.6_rc1 (including) |
Claroline | Claroline | 1.7.2 (including) | 1.7.2 (including) |