114 matches found
phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities
This host is installed with phpCAS and is prone to session hijacking and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbphpcassessionhijacknxssvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities Authors: Madhuri...
phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities
phpCAS is prone to session hijacking and cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2010-2795
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value...
CVE-2010-2796
Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...
Spoofing
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value...
Cross site scripting
Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...
CVE-2010-2795
Summary: CVE-2010-2795 concerns the phpCAS library (pre-1.1.2) used by PHP-based apps such as Moodle. The vulnerability allows a remote authenticated user to hijack a session by supplying a crafted ticket value in the query string. The issue has been publicly discussed in multiple advisories (e....
CVE-2010-2796
Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL...
CVE-2010-2795
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value...
CVE-2010-2796
CVE-2010-2796 is an XSS vulnerability in phpCAS prior to 1.1.2 when proxy mode is enabled, allowing an attacker to inject script via a callback URL. The flaw affects phpCAS usage embedded in applications such as Moodle that include phpCAS. Remediation references imply upgrading to phpCAS 1.1.2 or...
CVE-2010-1618
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
CVE-2010-1618
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
CVE-2010-1618
The CVE-2010-1618 issue is a Cross-site Scripting (XSS) vulnerability in the phpCAS client library (pre-1.1.0) used by Moodle 1.8.x and 1.9.x series, where a crafted URL can inject script/HTML due to improper handling in an error message. Affected stack examples include Moodle 1.8.x before 1.8.12...