CVE-2021-42567

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.