Cross-Site Scripting Vulnerabilities in phpCAS Affected by Proxy Mode
CVE-2010-3690

Currently unrated

Key Information:

Vendor: Apereo

Status
Vendor
CVE Published: 7 October 2010

What is CVE-2010-3690?

Multiple cross-site scripting (XSS) vulnerabilities exist in phpCAS prior to version 1.1.3 when it runs in proxy mode. They allow remote attackers to inject arbitrary web script or HTML through crafted parameters: a manipulated Proxy Granting Ticket IOU parameter handled in the callback function, or input that is processed during calls involving the getCallbackURL or getURL functions. Exploitation can lead to unauthorized access to and manipulation of web content, a significant risk for applications that rely on phpCAS for authentication.
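
The bug class described above, shown as an added PHP example that is not phpCAS source code: a callback page that reflects a ticket parameter unencoded, beside a hardened form that allow-lists the ticket and encodes on output, plus the same encoding applied to a URL rebuilt from request data. Assumptions: all function names are hypothetical, `pgtIou` and `pgtId` are the CAS proxy callback parameter names, and the deployment's tickets stay within the CAS protocol ticket alphabet with a 256-character limit chosen for this example.

```php
<?php
// Added illustration with hypothetical function names; not phpCAS source code.

// Assumption: tickets use only the CAS protocol ticket alphabet (A-Z, a-z, 0-9, '-').
function is_ticket($v): bool
{
    return is_string($v) && preg_match('/\A[A-Za-z0-9-]{1,256}\z/', $v) === 1;
}

// Encode a value for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Bug class: a request parameter copied into the response without encoding.
function callback_page_unsafe(array $query): string
{
    return '<p>Storing PGT for ' . ($query['pgtIou'] ?? '') . '</p>';
}

// Hardened: allow-list first, encode on output, never echo rejected input.
function callback_page_safe(array $query): array
{
    $iou = $query['pgtIou'] ?? null;
    $id  = $query['pgtId'] ?? null;
    if (!is_ticket($iou) || !is_ticket($id)) {
        return [400, '<p>Invalid proxy callback parameters.</p>'];
    }
    return [200, '<p>Storing PGT for ' . h($iou) . '</p>'];
}

// A URL rebuilt from request data is attacker-influenced as well, so encode it
// wherever it is written into HTML.
function service_link(array $server): string
{
    $url = 'https://' . ($server['HTTP_HOST'] ?? '') . ($server['REQUEST_URI'] ?? '/');
    return '<a href="' . h($url) . '">' . h($url) . '</a>';
}

// Constructed sample input; the inert <b> markup stands in for injected content.
$query  = ['pgtIou' => 'PGTIOU-1<b>x</b>', 'pgtId' => 'PGT-2-abc'];
$server = ['HTTP_HOST' => 'app.example.org', 'REQUEST_URI' => '/index.php?a="><b>x</b>'];

echo callback_page_unsafe($query), "\n";        // markup reaches the page unencoded
[$status, $body] = callback_page_safe($query);  // request is rejected
echo $status, ' ', $body, "\n";
echo service_link($server), "\n";               // quotes and brackets become entities
```

Encoding in `service_link` addresses markup injection only; the host name used to build links should still come from configuration rather than from the request.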

Timeline

  • Vulnerability published

  • Vulnerability Reserved