Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
References
Link | Resource |
---|---|
https://apereo.github.io/2021/10/18/restvuln/ | Patch Third Party Advisory |
https://github.com/apereo/cas/releases | Release Notes Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-12-07 14:15
Updated : 2021-12-09 11:04
NVD link : CVE-2021-42567
Mitre link : CVE-2021-42567
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
apereo
- central_authentication_service