CVE-2010-3690

Priority
Low
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3,
when proxy mode is enabled, allow remote attackers to inject arbitrary web
script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou)
parameter to the callback function in client.php, (2) vectors involving
functions that make getCallbackURL calls, or (3) vectors involving
functions that make getURL calls.
References
Package
Source: glpi (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 13.10 (Saucy Salamander):ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.9.9.dfsg2-5)
Ubuntu 13.10 (Saucy Salamander):not-affected (1.9.9.dfsg2-5)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.9.9.dfsg2-5)
Ubuntu 14.10 (Utopic Unicorn):not-affected (1.9.9.dfsg2-5)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-07-17 15:14:37 UTC (commit 8246)