Claroline Cross-Site Scripting Vulnerabilities

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Claroline Cross-Site Scripting Vulnerabilities
From: "bug@xxxxxxxxxxxxxxx" <bug@xxxxxxxxxxxxxxx>
Date: Mon, 26 Jun 2006 20:33:34 +0430
Importance: Normal
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mailer

------------------------------------------------------------------
[#] Security Advisory
[^] http://securitynews.ir/

[>] Advisory Title: Claroline Cross-Site Scripting Vulnerabilities
[@] Author : bug [@] securitynews.ir
[$] Product Vendor : http://www.claroline.net/
[.] Affected Versions : 1.7.7 (and maybe before)
[/] Release Date : 06/26/2006
------------------------------------------------------------------
[*] Overview :
Claroline is a free application based on PHP/MySQL allowing 
teachers or education organizations to create and administrate 
courses through the web .
Several cross-site scripting bugs have been found in 
Claroline 1.7.7 .

[*] Details :
No exploitable details are going to be released .

[*] Solution :
Vendor contacted on 06/25/2006. The vendor has been released
a security patch :
http://www.claroline.net/dlarea/claroline.patch17701.zip

------------------------------
http://securitynews.ir/

Prev by Date: RE: PHP security (or the lack thereof)
Next by Date: DeluxeBB 1.07 Create admin Exploit
Previous by thread: [Kurdish Security # 9] MyMail Directory Traversal And XSS Attacking Vulnerability
Next by thread: DeluxeBB 1.07 Create admin Exploit
Index(es):
- Date
- Thread