First published: Thu Apr 29 2010(Updated: )
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ja-sig Phpcas Client Library | =1.0.0 | |
Ja-sig Phpcas Client Library | =1.0.1 | |
Moodle Moodle | =1.8.1 | |
Moodle Moodle | =1.8.2 | |
Moodle Moodle | =1.8.3 | |
Moodle Moodle | =1.8.4 | |
Moodle Moodle | =1.8.5 | |
Moodle Moodle | =1.8.6 | |
Moodle Moodle | =1.8.7 | |
Moodle Moodle | =1.8.8 | |
Moodle Moodle | =1.8.9 | |
Moodle Moodle | =1.8.10 | |
Moodle Moodle | =1.8.11 | |
Moodle Moodle | =1.9.1 | |
Moodle Moodle | =1.9.2 | |
Moodle Moodle | =1.9.3 | |
Moodle Moodle | =1.9.4 | |
Moodle Moodle | =1.9.5 | |
Moodle Moodle | =1.9.6 | |
Moodle Moodle | =1.9.7 | |
composer/moodle/moodle | >=1.9.0<1.9.8 | 1.9.8 |
composer/moodle/moodle | >=1.8.0<1.8.12 | 1.8.12 |
composer/apereo/phpcas | <1.1.0 | 1.1.0 |
All of | ||
Any of | ||
Ja-sig Phpcas Client Library | =1.0.0 | |
Ja-sig Phpcas Client Library | =1.0.1 | |
Any of | ||
Moodle Moodle | =1.8.1 | |
Moodle Moodle | =1.8.2 | |
Moodle Moodle | =1.8.3 | |
Moodle Moodle | =1.8.4 | |
Moodle Moodle | =1.8.5 | |
Moodle Moodle | =1.8.6 | |
Moodle Moodle | =1.8.7 | |
Moodle Moodle | =1.8.8 | |
Moodle Moodle | =1.8.9 | |
Moodle Moodle | =1.8.10 | |
Moodle Moodle | =1.8.11 | |
Moodle Moodle | =1.9.1 | |
Moodle Moodle | =1.9.2 | |
Moodle Moodle | =1.9.3 | |
Moodle Moodle | =1.9.4 | |
Moodle Moodle | =1.9.5 | |
Moodle Moodle | =1.9.6 | |
Moodle Moodle | =1.9.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.