PT-2010-3288 · Phpcas+1 · Phpcas Client Library+1

Publicado

2010-04-29

·

Atualizado

2022-05-13

·

CVE-2010-1618

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Moodle versions 1.8.x through 1.8.11 Moodle versions 1.9.x through 1.9.7 phpCAS client library versions prior to 1.1.0
Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This occurs because the URL is not properly handled in an error message.
Recommendations For Moodle versions 1.8.x through 1.8.11, update to version 1.8.12 or later. For Moodle versions 1.9.x through 1.9.7, update to version 1.9.8 or later. For phpCAS client library versions prior to 1.1.0, update to version 1.1.0 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2010-1618
DSA-2115-1
GHSA-45CH-HXGR-VX8J

Produtos afetados

Moodle
Phpcas Client Library