VYPR
Unrated severityNVD Advisory· Published Dec 5, 2013· Updated Jun 17, 2026

CVE-2013-6267

CVE-2013-6267

Description

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Claroline/Claroline11 versions
    cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*range: <=1.11.8
    • cpe:2.3:a:claroline:claroline:1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.11.5:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.11.6:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.11.7:*:*:*:*:*:*:*
    • cpe:2.3:a:claroline:claroline:1.9:*:*:*:*:*:*:*
    • (no CPE)range: <1.11.9

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.