CVE-2010-3690
Priority
Low
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3,
when proxy mode is enabled, allow remote attackers to inject arbitrary web
script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou)
parameter to the callback function in client.php, (2) vectors involving
functions that make getCallbackURL calls, or (3) vectors involving
functions that make getURL calls.
when proxy mode is enabled, allow remote attackers to inject arbitrary web
script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou)
parameter to the callback function in client.php, (2) vectors involving
functions that make getCallbackURL calls, or (3) vectors involving
functions that make getURL calls.
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needs-triage |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | needs-triage |
| Ubuntu 12.10 (Quantal Quetzal): | needs-triage |
| Ubuntu 13.04 (Raring Ringtail): | needs-triage |
| Ubuntu 13.10 (Saucy Salamander): | needs-triage |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needs-triage |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (1.9.9.dfsg2-5) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (1.9.9.dfsg2-5) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (1.9.9.dfsg2-5) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (1.9.9.dfsg2-5) |