CVE-2010-3690

Priority
Low
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3,
when proxy mode is enabled, allow remote attackers to inject arbitrary web
script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou)
parameter to the callback function in client.php, (2) vectors involving
functions that make getCallbackURL calls, or (3) vectors involving
functions that make getURL calls.
Notes
 sbeattie> fixed in php-cas 1.1.3
Package
Source: glpi (LP Ubuntu Debian)
Upstream: released (0.80)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (0.80.7-1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (0.80.7-1)
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (0.80.7-1)
Ubuntu 16.10 (Yakkety Yak): not-affected (0.80.7-1)
Ubuntu 17.04 (Zesty Zapus): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (1.9.9.dfsg2-5)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (1.9.9.dfsg2-5)
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.9.9.dfsg2-5)
Ubuntu 16.10 (Yakkety Yak): not-affected (1.9.9.dfsg2-5)
Ubuntu 17.04 (Zesty Zapus): not-affected (1.9.9.dfsg2-5)

Updated: 2017-02-22 01:14:14 UTC (commit 12122)