Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors Products
Claroline
  • Claroline

Configuration 1 [-]

OR cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.5:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.6:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7.2:*:*:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1905.html Exploit
http://retrogod.altervista.org/claroline_174_incl_xpl.html Exploit
http://secunia.com/advisories/19461 Exploit Vendor Advisory
http://www.osvdb.org/24284
http://www.osvdb.org/24285 Exploit
http://www.securityfocus.com/bid/17344 Exploit
http://www.vupen.com/english/advisories/2006/1187
https://exchange.xforce.ibmcloud.com/vulnerabilities/25562
https://www.exploit-db.com/exploits/1627
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-03T10:00:00

Updated: 2017-10-18T16:57:01

Reserved: 2006-04-03T00:00:00

Link: CVE-2006-1595

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-04-03T10:04:00.000

Modified: 2017-10-19T01:29:04.707

Link: CVE-2006-1595

JSON object: View

cve-icon Redhat Information

No data.

CWE