CVE-2007-4717

Name of the Vulnerable Software and Affected Versions: Claroline versions prior to 1.8.6

Description: The issue allows remote authenticated administrators to inject arbitrary web script or HTML. This can be achieved via the dir parameter in "admin/adminusers.php", the action parameter in "admin/advancedUserSearch.php", and the view parameter in "admin/campusProblem.php".

Recommendations: For versions prior to 1.8.6, update to version 1.8.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected parameters dir, action, and view in the respective PHP files until the update is applied.