#319 Claroline Security Vulnerabilities Notification

claroline_1.11
closed
8
2013-11-29
2013-11-06
htbridge
No

Hello,

High-Tech Bridge Security Research Lab has discovered multiple cross-site scripting (XSS) security vulnerabilities in Claroline 1.11.8

Preview available here: https://www.htbridge.com/advisory/HTB23179

Developers can contact us by email for details: advisory (at) htbridge.com

For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html

Best regards,
High-Tech Bridge Security Research Lab

Discussion

  • Frederic Minne

    Frederic Minne - 2013-11-07

    Thanks for reporting those issues. Those vulnerabilities are fixed in revision r14574 https://sourceforge.net/p/claroline/code/14574 on our subversion trunk and will be included in the next release. We will also provide more instruction about how to fix the issue on the forum and we will send them to you by email.

    -- zefredz

     
  • Frederic Minne

    Frederic Minne - 2013-11-07
    • status: open --> accepted
    • assigned_to: Frederic Minne
    • Priority: 5 --> 8
     
  • Frederic Minne

    Frederic Minne - 2013-11-07

    backported to mysql version (r14576)

     
    Last edit: Frederic Minne 2013-11-07
  • Frederic Minne

    Frederic Minne - 2013-11-29
    • status: accepted --> closed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks