PT-2022-23849 · Claroline · Claroline
Matthieu-Hackwitharts · Published 2022-08-25 · Updated 2022-08-27 · CVE-2022-37161
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Claroline versions prior to 13.5.8
Description
The issue is related to Cross Site Scripting (XSS) via SVG file upload. This means an attacker could potentially inject malicious scripts into the system by uploading specially crafted SVG files.
Recommendations
For versions prior to 13.5.8, update to a version that includes the fix for this issue to prevent Cross Site Scripting (XSS) attacks via SVG file uploads. As a temporary workaround, consider restricting the upload of SVG files or implementing additional validation and sanitization for uploaded files to minimize the risk of exploitation.
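One way to implement the validation workaround named above is an allowlist gate applied to each SVG before it is stored. This is an added example, not Claroline's code or its fix; the function name, the element and attribute allowlists, and the sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allowlist for static artwork; nothing here can run script or load a URL.
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "text", "linearGradient", "radialGradient", "stop",
}
ALLOWED_ATTRS = {
    "id", "class", "version", "viewBox", "width", "height", "x", "y", "x1", "y1",
    "x2", "y2", "cx", "cy", "r", "rx", "ry", "d", "points", "transform", "fill",
    "stroke", "stroke-width", "opacity", "offset", "stop-color",
}

def svg_upload_problems(data: bytes) -> list[str]:
    """Return the reasons to reject an uploaded SVG; an empty list means accept."""
    try:
        # Decode first and parse the text, so the checks see what the parser sees.
        text = data.decode("utf-8-sig")
    except UnicodeDecodeError:
        return ["file is not UTF-8 text"]
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return ["DOCTYPE and entity declarations are not accepted"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    for el in root.iter():
        ns, _, name = el.tag.rpartition("}")
        if ns != "{" + SVG_NS or name not in ALLOWED_ELEMENTS:
            problems.append(f"element not allowed: {el.tag}")
        # Event handlers (on*), style, href and xlink:href are all outside the allowlist.
        for attr in el.attrib:
            if attr not in ALLOWED_ATTRS:
                problems.append(f"attribute not allowed on <{name}>: {attr}")
    return problems

# Constructed sample uploads.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="teal"/></svg>'
SCRIPTED = b'<svg xmlns="http://www.w3.org/2000/svg" onload="f()"><script>f()</script></svg>'
WITH_DTD = b'<!DOCTYPE svg [<!ENTITY e "x">]><svg xmlns="http://www.w3.org/2000/svg"/>'

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("scripted", SCRIPTED), ("dtd", WITH_DTD)):
        print(label, svg_upload_problems(sample) or "accepted")
```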
Affected Products
Claroline