VYPR
Unrated severityNVD Advisory· Published May 3, 2005· Updated Jun 16, 2026

CVE-2005-1374

CVE-2005-1374

Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*
    • (no CPE)range: 1.5.3 - 1.6 RC1

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.