Vulnerabilities related to ja-sig - phpcas_client_library
Vulnerability from fkie_nvd
Published
2010-04-29 21:30
Modified
2024-11-21 01:14
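Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; user interaction required, per the NVD record below)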
Summary
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ja-sig | phpcas_client_library | 1.0.0 | |
ja-sig | phpcas_client_library | 1.0.1 | |
ja-sig | phpcas_client_library | 1.0.0 | |
ja-sig | phpcas_client_library | 1.0.1 | |
moodle | moodle | 1.8.1 | |
moodle | moodle | 1.8.2 | |
moodle | moodle | 1.8.3 | |
moodle | moodle | 1.8.4 | |
moodle | moodle | 1.8.5 | |
moodle | moodle | 1.8.6 | |
moodle | moodle | 1.8.7 | |
moodle | moodle | 1.8.8 | |
moodle | moodle | 1.8.9 | |
moodle | moodle | 1.8.10 | |
moodle | moodle | 1.8.11 | |
moodle | moodle | 1.9.1 | |
moodle | moodle | 1.9.2 | |
moodle | moodle | 1.9.3 | |
moodle | moodle | 1.9.4 | |
moodle | moodle | 1.9.5 | |
moodle | moodle | 1.9.6 | |
moodle | moodle | 1.9.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ja-sig:phpcas_client_library:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EA232F1A-54D8-42CB-A658-4677AE378279", vulnerable: true, }, { criteria: "cpe:2.3:a:ja-sig:phpcas_client_library:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9FEAE00B-CB64-4850-94E1-B2C28D65FE40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ja-sig:phpcas_client_library:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EA232F1A-54D8-42CB-A658-4677AE378279", vulnerable: true, }, { criteria: "cpe:2.3:a:ja-sig:phpcas_client_library:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9FEAE00B-CB64-4850-94E1-B2C28D65FE40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "492A28FE-A2F8-4FF7-AC5B-0C3F5508506D", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "28A897CA-3D8F-4575-BBD2-1C0C5A2ECC99", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "A4A3A5D9-D96E-46B3-AC22-25045564EB96", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "AF91F8EA-1737-4E11-9931-ACAFB4BC0018", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "1E81E148-5710-439C-8A1A-884D27640AAD", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "A3B70465-F734-4C65-9790-0D83D03B7A16", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "DE2C0217-A25A-4D0A-8CC6-64DEBC9E198F", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*", matchCriteriaId: "7949FC50-81B9-44AD-BB1B-91D025B34FF6", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*", matchCriteriaId: "83AA5D08-CF62-45A8-A8FE-18F76BA8ECA5", vulnerable: 
true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*", matchCriteriaId: "2C61F076-71AC-4AEF-BECF-9EF0B05CEB77", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*", matchCriteriaId: "18A3C2C4-A1FE-422C-81DB-9E46035106FD", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "24F2602B-8ED3-4026-A9A4-31BE8BDC7724", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "D7F24649-B67F-4809-9F54-7B623AEF5A4A", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "6B81655E-C3B5-4115-A4C4-B7AC2FCDAB7F", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", matchCriteriaId: "ED9C3840-66BE-47EC-9F0C-E9D2171FF0B2", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*", matchCriteriaId: "DBD062EB-1B1F-4DC8-A4F9-C2EC7D401E9D", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*", matchCriteriaId: "291F73E9-1059-4E7F-860F-0DF2A35AA456", vulnerable: true, }, { criteria: "cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*", matchCriteriaId: "0EB5859E-0996-46B5-BB44-34BD6EACBCF5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la biblioteca de cliente phpCAS anterior a v1.1.0, utilizado en Moodle v1.8.x anterior a v1.8.12 y v1.9.x anterior a v1.9.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL manipulada, que no es manejado 
apropiadamente en un mensaje de error.", }, ], id: "CVE-2010-1618", lastModified: "2024-11-21T01:14:49.257", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-04-29T21:30:00.807", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", }, { source: "cve@mitre.org", url: "http://moodle.org/security/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.ja-sig.org/issues/browse/PHPCAS-52", }, { source: "cve@mitre.org", url: "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/1107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://moodle.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ja-sig.org/issues/browse/PHPCAS-52", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/1107", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2010-1618
Vulnerability from cvelistv5
Published
2010-04-29 21:00
Modified
2024-08-07 01:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
References
URL | Tags | |
---|---|---|
http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2010/1107 | vdb-entry, x_refsource_VUPEN | |
http://moodle.org/security/ | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | vendor-advisory, x_refsource_SUSE | |
http://www.ja-sig.org/issues/browse/PHPCAS-52 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T01:28:42.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", }, { name: "ADV-2010-1107", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/1107", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://moodle.org/security/", }, { name: "SUSE-SR:2010:011", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ja-sig.org/issues/browse/PHPCAS-52", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-03-31T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-04-30T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", }, { name: "ADV-2010-1107", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/1107", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://moodle.org/security/", }, { name: "SUSE-SR:2010:011", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ja-sig.org/issues/browse/PHPCAS-52", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-1618", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", refsource: "CONFIRM", url: "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", }, { name: "ADV-2010-1107", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/1107", }, { name: "http://moodle.org/security/", refsource: "CONFIRM", url: "http://moodle.org/security/", }, { name: "SUSE-SR:2010:011", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", }, { name: "http://www.ja-sig.org/issues/browse/PHPCAS-52", refsource: "CONFIRM", url: "http://www.ja-sig.org/issues/browse/PHPCAS-52", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-1618", datePublished: "2010-04-29T21:00:00", dateReserved: "2010-04-29T00:00:00", dateUpdated: "2024-08-07T01:28:42.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }