CVE-2008-3260

Published: Jul 22, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.

Affected (27)

Products: Claroline: Claroline

Claroline

1 product

Claroline

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Claroline Claroline	Up to 1.8.9
Claroline Claroline	Version 1.2
Claroline Claroline	Version 1.3
Claroline Claroline	Version 1.4
Claroline Claroline	Version 1.5.3
Claroline Claroline	Version 1.5.4
Claroline Claroline	Version 1.5
Claroline Claroline	Version 1.6
Claroline Claroline	Version 1.6_beta
Claroline Claroline	Version 1.6_rc1
Claroline Claroline	Version 1.7.1
Claroline Claroline	Version 1.7.2
Claroline Claroline	Version 1.7.3
Claroline Claroline	Version 1.7.4
Claroline Claroline	Version 1.7.5
Claroline Claroline	Version 1.7.6
Claroline Claroline	Version 1.7.7
Claroline Claroline	Version 1.7
Claroline Claroline	Version 1.8.0
Claroline Claroline	Version 1.8.1
Claroline Claroline	Version 1.8.2
Claroline Claroline	Version 1.8.3
Claroline Claroline	Version 1.8.4
Claroline Claroline	Version 1.8.5
Claroline Claroline	Version 1.8.6
Claroline Claroline	Version 1.8.7
Claroline Claroline	Version 1.8.8