Lucene search

GitHub Advisory DatabaseGHSA-45CH-HXGR-VX8J

HistoryMay 13, 2022 - 1:13 a.m.

phpCAS client library and Moodle Cross-site Scripting vulnerability

2022-05-1301:13:09

CWE-79

GitHub Advisory Database

github.com

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

JSON

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

CPENameOperatorVersion
moodle/moodlelt1.9.8
moodle/moodlelt1.8.12
apereo/phpcaslt1.1.0

Name	Operator	Version
moodle/moodle	lt	1.9.8
moodle/moodle	lt	1.8.12
apereo/phpcas	lt	1.1.0

References

lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

moodle.org/security/

www.ja-sig.org/issues/browse/PHPCAS-52

www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog

www.vupen.com/english/advisories/2010/1107

github.com/advisories/GHSA-45ch-hxgr-vx8j

github.com/apereo/phpCAS/commit/021633112198b37555b35340cde884d1016d9e47

nvd.nist.gov/vuln/detail/CVE-2010-1618