Unrated severityNVD Advisory· Published Dec 26, 2014· Updated May 6, 2026

CVE-2013-4753

Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php.

Affected products

Claroline/Claroline
cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*
Range: <=1.11.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.xchg.infonvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000