CVE-2010-3690

Apereo Phpcas < 1.1.2 - XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.

References (20)

Scores

EPSS 0.0104
EPSS Percentile 77.2%

Classification

CWE
CWE-79
Status published

Affected Products (31)

apereo/phpcas < 1.1.2

Timeline

Published Oct 07, 2010
Tracked Since Feb 18, 2026