CVE-2010-3690

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2010-3690
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.openwall.com/lists/oss-security/2010/10/01/2
http://www.openwall.com/lists/oss-security/2010/09/29/6
https://issues.jasig.org/browse/PHPCAS-80
http://www.openwall.com/lists/oss-security/2010/10/01/5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
https://developer.jasig.org/source/changelog/jasigsvn?cs=21538
http://www.vupen.com/english/advisories/2010/2705
http://secunia.com/advisories/41878
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
http://www.securityfocus.com/bid/43585
http://www.vupen.com/english/advisories/2010/2909
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
http://secunia.com/advisories/42184
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
https://forge.indepnet.net/projects/glpi/repository/revisions/12601
http://secunia.com/advisories/42149
http://secunia.com/advisories/43427
http://www.vupen.com/english/advisories/2011/0456
http://www.debian.org/security/2011/dsa-2172
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apereo:phpcas:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.16:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.13:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.23:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.15:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.2:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.3:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.11:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.12:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.14:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.17:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.18:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.19:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.20:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.21:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.4.22:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apereo:phpcas:1.1.1:*:*:*:*:*:*:*
Information

Published : 2010-10-07 14:00

Updated : 2019-12-30 04:59

NVD link : CVE-2010-3690

Mitre link : CVE-2010-3690

JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa
Products Affected

apereo

  • phpcas