NVD

Id
3143  
Name
CVE-2008-3260  
Description
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-03  
Published
2008-07-22  
Modified Date
2009-01-29  
Seq
2008-3260  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
19939 3143 CVE-2008-3260 4020  View
19940 3143 CVE-2008-3260 http://sourceforge.net/project/shownotes.php?release_id=613634  View
19941 3143 CVE-2008-3260 http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10  View
19942 3143 CVE-2008-3260 20080718 [DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities  View
19943 3143 CVE-2008-3260 30269  View
19944 3143 CVE-2008-3260 claroline-unknown-unspecified(43854)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
47962 JVNDB-2008-003272 Claroline におけるクロスサイトスクリプティングの脆弱性 Claroline には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-3260 33373 CVE-2008-3260 3143 4.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003272.html 2008-07-22 2012-06-26 View