CVE-2022-37162

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-37162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-37162
Published
2022-08-25T17:15:08Z
Modified
2024-09-03T04:18:46.042084Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.

References

Affected packages

Git / github.com/claroline/claroline

Affected ranges

Type
GIT
Repo
https://github.com/claroline/claroline
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

13.*

13.0.10
13.0.11
13.0.12
13.0.13
13.0.14
13.0.15
13.0.16
13.0.17
13.0.18
13.0.19
13.0.2
13.0.20
13.0.21
13.0.22
13.0.23
13.0.24
13.0.25
13.0.26
13.0.27
13.0.28
13.0.29
13.0.3
13.0.30
13.0.31
13.0.32
13.0.33
13.0.34
13.0.35
13.0.36
13.0.37
13.0.38
13.0.39
13.0.4
13.0.40
13.0.41
13.0.42
13.0.43
13.0.44
13.0.45
13.0.46
13.0.5
13.0.6
13.0.7
13.0.8
13.0.9
13.1.0
13.1.1
13.1.2
13.1.3
13.1.4
13.3.0
13.4.0
13.4.1
13.4.2
13.4.3
13.5.0
13.5.1
13.5.2
13.5.3
13.5.4
13.5.5
13.5.6
13.5.7