A persistent cross site scripting vulnerability in Claroline version 1.10 can be exploited to execute arbitrary JavaScript.
90fe6ead030e3c46d84454b0be125a33b560e1c502df04a47f9e57155e7d883e
------------------------------------------------------------------------
Software................Claroline 1.10
Vulnerability...........Persistent Cross-site Scripting
Threat Level............Moderate (2/5)
Download................http://www.claroline.net/
Disclosure Date.........4/6/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
A persistent cross-site scripting vulnerability in Claroline 1.10 can
be exploited to execute arbitrary JavaScript.
--Exploit--
Enter script tags for the first or last name of a user. The tags are
rendered unencoded when viewed in the administration user list.
--PoC--
"><script>alert(0)</script>