CVE-2021-42567

MEDIUM EXPLOITED NUCLEI

Apereo Central Authentication Service < 6.3.7.1 - XSS

Title source: rule

Description

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.

Nuclei Templates (1)

Apereo CAS Cross-Site Scripting
MEDIUMby pdteam
Shodan: http.title:'CAS - Central Authentication Service' || http.title:'cas - central authentication service'
FOFA: title='cas - central authentication service'

References (2)

Scores

CVSS v3 6.1
EPSS 0.4889
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-01-22
CWE
CWE-79
Status published
Products (2)
apereo/central_authentication_service 6.3.0 - 6.3.7.1
org.apereo.cas/cas-server-core-web 0 - 6.4.2Maven
Published Dec 07, 2021
Tracked Since Feb 18, 2026