CVE-2010-1618: XSS
First published: Thu Apr 29 2010(Updated: )
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ja-sig Phpcas Client Library | =1.0.0 | |
| Ja-sig Phpcas Client Library | =1.0.1 | |
| composer/moodle/moodle | >=1.9.0<1.9.8 | 1.9.8 |
| composer/moodle/moodle | >=1.8.0<1.8.12 | 1.8.12 |
| composer/apereo/phpcas | <1.1.0 | 1.1.0 |
| All of | ||
| Any of | ||
| Ja-sig Phpcas Client Library | =1.0.0 | |
| Ja-sig Phpcas Client Library | =1.0.1 | |
| Any of | ||
| Moodle | =1.8.1 | |
| Moodle | =1.8.2 | |
| Moodle | =1.8.3 | |
| Moodle | =1.8.4 | |
| Moodle | =1.8.5 | |
| Moodle | =1.8.6 | |
| Moodle | =1.8.7 | |
| Moodle | =1.8.8 | |
| Moodle | =1.8.9 | |
| Moodle | =1.8.10 | |
| Moodle | =1.8.11 | |
| Moodle | =1.9.1 | |
| Moodle | =1.9.2 | |
| Moodle | =1.9.3 | |
| Moodle | =1.9.4 | |
| Moodle | =1.9.5 | |
| Moodle | =1.9.6 | |
| Moodle | =1.9.7 | |
| Moodle | =1.8.1 | |
| Moodle | =1.8.2 | |
| Moodle | =1.8.3 | |
| Moodle | =1.8.4 | |
| Moodle | =1.8.5 | |
| Moodle | =1.8.6 | |
| Moodle | =1.8.7 | |
| Moodle | =1.8.8 | |
| Moodle | =1.8.9 | |
| Moodle | =1.8.10 | |
| Moodle | =1.8.11 | |
| Moodle | =1.9.1 | |
| Moodle | =1.9.2 | |
| Moodle | =1.9.3 | |
| Moodle | =1.9.4 | |
| Moodle | =1.9.5 | |
| Moodle | =1.9.6 | |
| Moodle | =1.9.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ja-sig.org/issues/browse/PHPCAS-52
- http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog
- http://moodle.org/security/
- http://www.vupen.com/english/advisories/2010/1107
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2010-1618
- https://github.com/apereo/phpCAS/commit/021633112198b37555b35340cde884d1016d9e47
- https://github.com/advisories/GHSA-45ch-hxgr-vx8j (Advisory)
Frequently Asked Questions
What is the severity of CVE-2010-1618?
The severity of CVE-2010-1618 is classified as medium due to its cross-site scripting (XSS) implications.
How do I fix CVE-2010-1618?
To fix CVE-2010-1618, upgrade to phpCAS client library version 1.1.0 or later, or Moodle versions 1.8.12 or 1.9.8.
Which software is affected by CVE-2010-1618?
CVE-2010-1618 affects phpCAS client library versions prior to 1.1.0 and Moodle versions 1.8.x before 1.8.12 and 1.9.x before 1.9.8.
What type of vulnerability is CVE-2010-1618?
CVE-2010-1618 is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML.
Can CVE-2010-1618 be exploited remotely?
Yes, CVE-2010-1618 can be exploited remotely via a crafted URL that is not properly handled in an error message.
- collector/nvd-historical
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-45ch-hxgr-vx8j
- alias/CVE-2010-1618
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ja-sig
- canonical/ja-sig phpcas client library
- version/ja-sig phpcas client library/1.0.0
- version/ja-sig phpcas client library/1.0.1
- package-manager/composer
- vendor/moodle
- canonical/moodle
- version/moodle/1.8.1
- version/moodle/1.8.2
- version/moodle/1.8.3
- version/moodle/1.8.4
- version/moodle/1.8.5
- version/moodle/1.8.6
- version/moodle/1.8.7
- version/moodle/1.8.8
- version/moodle/1.8.9
- version/moodle/1.8.10
- version/moodle/1.8.11
- version/moodle/1.9.1
- version/moodle/1.9.2
- version/moodle/1.9.3
- version/moodle/1.9.4
- version/moodle/1.9.5
- version/moodle/1.9.6
- version/moodle/1.9.7