Cross-Site Scripting Vulnerabilities in phpCAS Affected by Proxy Mode
CVE-2010-3690
Currently unrated
What is CVE-2010-3690?
Multiple cross-site scripting (XSS) vulnerabilities exist in phpCAS prior to version 1.1.3 when it runs in proxy mode. They allow remote attackers to inject arbitrary web script or HTML through crafted parameters, including a manipulated Proxy Granting Ticket IOU parameter in the callback function, or through calls involving the getCallbackURL or getURL functions. Exploitation can lead to unauthorized access and manipulation of web content, posing significant security risks to applications that use phpCAS for authentication.
