Search criteria
3 vulnerabilities found for phpcas_client_library by ja-sig
FKIE_CVE-2010-1618
Vulnerability from fkie_nvd - Published: 2010-04-29 21:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ja-sig | phpcas_client_library | 1.0.0 | |
| ja-sig | phpcas_client_library | 1.0.1 | |
| ja-sig | phpcas_client_library | 1.0.0 | |
| ja-sig | phpcas_client_library | 1.0.1 | |
| moodle | moodle | 1.8.1 | |
| moodle | moodle | 1.8.2 | |
| moodle | moodle | 1.8.3 | |
| moodle | moodle | 1.8.4 | |
| moodle | moodle | 1.8.5 | |
| moodle | moodle | 1.8.6 | |
| moodle | moodle | 1.8.7 | |
| moodle | moodle | 1.8.8 | |
| moodle | moodle | 1.8.9 | |
| moodle | moodle | 1.8.10 | |
| moodle | moodle | 1.8.11 | |
| moodle | moodle | 1.9.1 | |
| moodle | moodle | 1.9.2 | |
| moodle | moodle | 1.9.3 | |
| moodle | moodle | 1.9.4 | |
| moodle | moodle | 1.9.5 | |
| moodle | moodle | 1.9.6 | |
| moodle | moodle | 1.9.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ja-sig:phpcas_client_library:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA232F1A-54D8-42CB-A658-4677AE378279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ja-sig:phpcas_client_library:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FEAE00B-CB64-4850-94E1-B2C28D65FE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ja-sig:phpcas_client_library:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA232F1A-54D8-42CB-A658-4677AE378279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ja-sig:phpcas_client_library:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FEAE00B-CB64-4850-94E1-B2C28D65FE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "492A28FE-A2F8-4FF7-AC5B-0C3F5508506D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28A897CA-3D8F-4575-BBD2-1C0C5A2ECC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A3A5D9-D96E-46B3-AC22-25045564EB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF91F8EA-1737-4E11-9931-ACAFB4BC0018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1E81E148-5710-439C-8A1A-884D27640AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B70465-F734-4C65-9790-0D83D03B7A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2C0217-A25A-4D0A-8CC6-64DEBC9E198F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7949FC50-81B9-44AD-BB1B-91D025B34FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "83AA5D08-CF62-45A8-A8FE-18F76BA8ECA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2C61F076-71AC-4AEF-BECF-9EF0B05CEB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A3C2C4-A1FE-422C-81DB-9E46035106FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24F2602B-8ED3-4026-A9A4-31BE8BDC7724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F24649-B67F-4809-9F54-7B623AEF5A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B81655E-C3B5-4115-A4C4-B7AC2FCDAB7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9C3840-66BE-47EC-9F0C-E9D2171FF0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD062EB-1B1F-4DC8-A4F9-C2EC7D401E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "291F73E9-1059-4E7F-860F-0DF2A35AA456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB5859E-0996-46B5-BB44-34BD6EACBCF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la biblioteca de cliente phpCAS anterior a v1.1.0, utilizado en Moodle v1.8.x anterior a v1.8.12 y v1.9.x anterior a v1.9.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una URL manipulada, que no es manejado apropiadamente en un mensaje de error."
}
],
"id": "CVE-2010-1618",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-29T21:30:00.807",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://moodle.org/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
},
{
"source": "cve@mitre.org",
"url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moodle.org/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1107"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-1618 (GCVE-0-2010-1618)
Vulnerability from cvelistv5 – Published: 2010-04-29 21:00 – Updated: 2024-08-07 01:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:42.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
},
{
"name": "ADV-2010-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
},
{
"name": "ADV-2010-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
},
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "http://moodle.org/security/",
"refsource": "CONFIRM",
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "http://www.ja-sig.org/issues/browse/PHPCAS-52",
"refsource": "CONFIRM",
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1618",
"datePublished": "2010-04-29T21:00:00",
"dateReserved": "2010-04-29T00:00:00",
"dateUpdated": "2024-08-07T01:28:42.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1618 (GCVE-0-2010-1618)
Vulnerability from nvd – Published: 2010-04-29 21:00 – Updated: 2024-08-07 01:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:42.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
},
{
"name": "ADV-2010-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
},
{
"name": "ADV-2010-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog"
},
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "http://moodle.org/security/",
"refsource": "CONFIRM",
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "http://www.ja-sig.org/issues/browse/PHPCAS-52",
"refsource": "CONFIRM",
"url": "http://www.ja-sig.org/issues/browse/PHPCAS-52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1618",
"datePublished": "2010-04-29T21:00:00",
"dateReserved": "2010-04-29T00:00:00",
"dateUpdated": "2024-08-07T01:28:42.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}