------------------------------------------------------------------ [#] Security Advisory [^] http://securitynews.ir/ [>] Advisory Title: Claroline Cross-Site Scripting Vulnerabilities [@] Author : bug [@] securitynews.ir [$] Product Vendor : http://www.claroline.net/ [.] Affected Versions : 1.7.7 (and maybe before) [/] Release Date : 06/26/2006 ------------------------------------------------------------------ [*] Overview : Claroline is a free application based on PHP/MySQL allowing teachers or education organizations to create and administrate courses through the web . Several cross-site scripting bugs have been found in Claroline 1.7.7 . [*] Details : No exploitable details are going to be released . [*] Solution : Vendor contacted on 06/25/2006. The vendor has been released a security patch : http://www.claroline.net/dlarea/claroline.patch17701.zip ------------------------------ http://securitynews.ir/
