2 matches found
CVE-2010-2795
Summary : CVE-2010-2795 concerns the phpCAS library (pre-1.1.2) used by PHP-based apps such as Moodle. The vulnerability allows a remote authenticated user to hijack a session by supplying a crafted ticket value in the query string. The issue has been publicly discussed in multiple advisories (e....
CVE-2010-2796
CVE-2010-2796 is an XSS vulnerability in phpCAS prior to 1.1.2 when proxy mode is enabled, allowing an attacker to inject script via a callback URL. The flaw affects phpCAS usage embedded in applications such as Moodle that include phpCAS. Remediation references imply upgrading to phpCAS 1.1.2 or...