Hello,
High-Tech Bridge Security Research Lab has discovered multiple cross-site scripting (XSS) security vulnerabilities in Claroline 1.11.8
Preview available here: https://www.htbridge.com/advisory/HTB23179
Developers can contact us by email for details: advisory (at) htbridge.com
For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html
Best regards,
High-Tech Bridge Security Research Lab
Thanks for reporting those issues. Those vulnerabilities are fixed in revision r14574 https://sourceforge.net/p/claroline/code/14574 on our subversion trunk and will be included in the next release. We will also provide more instruction about how to fix the issue on the forum and we will send them to you by email.
-- zefredz
backported to mysql version (r14576)
Last edit: Frederic Minne 2013-11-07