{"vulnerability": "CVE-2022-37160", "sightings": [{"uuid": "4d1fa493-1e60-4569-8e2a-b72cf011d5f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37160", "type": "seen", "source": "https://t.me/cibsecurity/48786", "content": "\u203c CVE-2022-37160 \u203c\n\nClaroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-25T20:23:55.000000Z"}]}