CVE-2010-1618 — Cross-site Scripting in Phpcas

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 49.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apereo Phpcas Moodle Ja-sig Phpcas Client Library

Timeline

PublishedApr 29

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDja-sig/phpcas_client_library1.0.0, 1.0.1+1

▶Packagistapereo/phpcas< 1.1.0

▶Packagistmoodle/moodle1.8.0 — 1.8.12+1

▶NVDmoodle/moodle18 versions+17

🔴Vulnerability Details

GHSA

phpCAS client library and Moodle Cross-site Scripting vulnerability↗2022-05-13

▶

OSV

phpCAS client library and Moodle Cross-site Scripting vulnerability↗2022-05-13

▶

📋Vendor Advisories

Red Hat

Moodle: Multiple security fixes in 1.8.12 upstream release↗2010-03-27

▶

💬Community

Bugzilla

CVE-2010-1613 CVE-2010-1614 CVE-2010-1615 CVE-2010-1616 CVE-2010-1617 CVE-2010-1618 CVE-2010-1619 Moodle: Multiple security fixes in 1.8.12 upstream release↗2010-04-01

▶