CVE-2010-3690
07.10.2010, 21:00
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.
| Vendor | Product | Version |
|---|---|---|
| apereo | phpcas | 𝑥 ≤ 1.1.2 |
| apereo | phpcas | 0.2 |
| apereo | phpcas | 0.3 |
| apereo | phpcas | 0.3.1 |
| apereo | phpcas | 0.3.2 |
| apereo | phpcas | 0.4 |
| apereo | phpcas | 0.4.1 |
| apereo | phpcas | 0.4.8 |
| apereo | phpcas | 0.4.9 |
| apereo | phpcas | 0.4.10 |
| apereo | phpcas | 0.4.11 |
| apereo | phpcas | 0.4.12 |
| apereo | phpcas | 0.4.13 |
| apereo | phpcas | 0.4.14 |
| apereo | phpcas | 0.4.15 |
| apereo | phpcas | 0.4.16 |
| apereo | phpcas | 0.4.17 |
| apereo | phpcas | 0.4.18 |
| apereo | phpcas | 0.4.19 |
| apereo | phpcas | 0.4.20 |
| apereo | phpcas | 0.4.21 |
| apereo | phpcas | 0.4.22 |
| apereo | phpcas | 0.4.23 |
| apereo | phpcas | 0.5.0 |
| apereo | phpcas | 0.5.1 |
| apereo | phpcas | 0.6.0 |
| apereo | phpcas | 1.0.0 |
| apereo | phpcas | 1.0.1 |
| apereo | phpcas | 1.1.0 |
| apereo | phpcas | 1.1.1 |
𝑥 = Vulnerable software versions
Ubuntu Releases
| Ubuntu Product |
|---|
| glpi |
| moodle |