#319 Claroline Security Vulnerabilities Notification



High-Tech Bridge Security Research Lab has discovered multiple cross-site scripting (XSS) security vulnerabilities in Claroline 1.11.8

Preview available here: https://www.htbridge.com/advisory/HTB23179

Developers can contact us by email for details: advisory (at) htbridge.com

For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html

Best regards,
High-Tech Bridge Security Research Lab


  • Frederic Minne

    Frederic Minne - 2013-11-07

    Thanks for reporting those issues. Those vulnerabilities are fixed in revision r14574 https://sourceforge.net/p/claroline/code/14574 on our subversion trunk and will be included in the next release. We will also provide more instruction about how to fix the issue on the forum and we will send them to you by email.

    -- zefredz

  • Frederic Minne

    Frederic Minne - 2013-11-07
    • status: open --> accepted
    • assigned_to: Frederic Minne
    • Priority: 5 --> 8
  • Frederic Minne

    Frederic Minne - 2013-11-07

    backported to mysql version (r14576)

    Last edit: Frederic Minne 2013-11-07
  • Frederic Minne

    Frederic Minne - 2013-11-29
    • status: accepted --> closed

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks