CVE-2013-6267

Name of the Vulnerable Software and Affected Versions Claroline versions prior to 1.11.9

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters, including the box parameter to "messaging/messagebox.php", cidToEdit parameter to "adminregisteruser.php" or "admin user course settings.php" in the "admin/" directory, module id parameter to "admin/module/module.php", or the offset parameter to "admin/right/profile list.php".

Recommendations For versions prior to 1.11.9, update to version 1.11.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters, such as box, cidToEdit, module id, and offset, until a patch is available.