#319 Claroline Security Vulnerabilities Notification

claroline_1.11
closed
8
2013-11-29
2013-11-06
htbridge
No

Hello,

High-Tech Bridge Security Research Lab has discovered multiple cross-site scripting (XSS) security vulnerabilities in Claroline 1.11.8.

Preview available here: https://www.htbridge.com/advisory/HTB23179

Developers can contact us by email for details: advisory (at) htbridge.com

For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html

Best regards,
High-Tech Bridge Security Research Lab

Discussion

  • Frederic Minne
    2013-11-07

    Thanks for reporting those issues. Those vulnerabilities are fixed in revision r14574 https://sourceforge.net/p/claroline/code/14574 on our subversion trunk and will be included in the next release. We will also provide more instructions about how to fix the issue on the forum and we will send them to you by email.

    -- zefredz

     
  • Frederic Minne
    2013-11-07

    • status: open --> accepted
    • assigned_to: Frederic Minne
    • Priority: 5 --> 8
     
  • Frederic Minne
    2013-11-07

    backported to mysql version (r14576)

     
    Last edit: Frederic Minne 2013-11-07
  • Frederic Minne
    2013-11-29

    • status: accepted --> closed