Claroline / Bugs / #319 Claroline Security Vulnerabilities Notification

#319 Claroline Security Vulnerabilities Notification

Milestone: claroline_1.11

Status: closed

Owner: Frederic Minne

Labels: vulnerability (2) XSS (2)

Priority: 8

Updated: 2013-11-29

Created: 2013-11-06

Creator: htbridge

Private: No

Hello,

High-Tech Bridge Security Research Lab has discovered multiple cross-site scripting (XSS) security vulnerabilities in Claroline 1.11.8

Preview available here: https://www.htbridge.com/advisory/HTB23179

Developers can contact us by email for details: advisory (at) htbridge.com

For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html

Best regards,
High-Tech Bridge Security Research Lab

Discussion

Frederic Minne - 2013-11-07

Thanks for reporting those issues. Those vulnerabilities are fixed in revision r14574 https://sourceforge.net/p/claroline/code/14574 on our subversion trunk and will be included in the next release. We will also provide more instruction about how to fix the issue on the forum and we will send them to you by email.

-- zefredz

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Frederic Minne - 2013-11-07

status: open --> accepted

assigned_to: Frederic Minne

Priority: 5 --> 8
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Frederic Minne - 2013-11-07

backported to mysql version (r14576)

Last edit: Frederic Minne 2013-11-07

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Frederic Minne - 2013-11-29

status: accepted --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.