CVE-2010-1618 apereo/phpcas

Package

Manager: composer
Name: apereo/phpcas
Vulnerable Version: >=0 <1.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00273 (percentile 0.50427)

Details

phpCAS client library and Moodle Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

Metadata

Created: 2022-05-13T01:13:09Z
Modified: 2024-02-07T22:50:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-45ch-hxgr-vx8j/GHSA-45ch-hxgr-vx8j.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-45ch-hxgr-vx8j
Finding: F008
Auto approve: 1