CVE-2022-37162 Information

Description

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the ‘Location’ field of a calendar event.

Reference

https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md