XSS Vulnerability in Apereo CAS Affecting Multiple Versions
CVE-2021-42567

6.1MEDIUM

Key Information:

Vendor

Apereo

Vendor
CVE Published:
7 December 2021

What is CVE-2021-42567?

Apereo CAS versions up to and including 6.4.1 are susceptible to Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to exploit POST requests sent to the REST API endpoints, potentially enabling them to execute arbitrary scripts in the context of a user's session. Such exploitation could lead to unauthorized actions being taken on behalf of the user, including data theft and session hijacking. It is crucial for users and administrators to secure their CAS implementations to mitigate these risks.

References

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.