CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0CVE-2010-3690
https://notcve.org/view.php?id=CVE-2010-3690
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en phpCAS anterior a v1.1.3, cuando el modo proxy está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML (1) a través del parámetro modificado Proxy Granting Ticket IOU (PGTiou) para la función callback en client.php y vectores que implican funciones que realizan llamadas getCallbackURL, o (3) vectores que implican funciones que realizan llamadas getURL • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html http://secunia.com/advisories/41878 http://secunia.com/advisories/42149 http://secunia.com/advisories/42184 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2010-2795
https://notcve.org/view.php?id=CVE-2010-2795
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value. phpCAS anterior a v1.1.2 permite a usuarios remotos autenticados secuestrar sesiones a través de una cadena de consulta que contiene un valor de ticket manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html http://secunia.com/advisories/40845 http://secunia.com/advisories/41240 http://secunia.com/advisories/42149 http://secunia.com/advisories/42184 http://secunia.com/advisories/43427& • CWE-20: Improper Input Validation •
CVSS: 2.6EPSS: 0%CPEs: 35EXPL: 0CVE-2010-2796
https://notcve.org/view.php?id=CVE-2010-2796
Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en phpCAS anterior v1.1.2, cuando el modo proxy está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a su elección a través de una URL de llamada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html http://secunia.com/advisories/40845 http://secunia.com/advisories/41240 http://secunia.com/advisories/42149 http://secunia.com/advisories/42184 http://secunia.com/advisories/43427& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •