Candidate: CVE-2010-3690 PublicDate: 2010-10-07 21:00:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3690 https://github.com/glpi-project/glpi/commit/5b1d4768334b4424882931ca5800258b8dc72479 Description: Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls. Ubuntu-Description: Notes: sbeattie> fixed in php-cas 1.1.3 Bugs: Priority: low Discovered-by: Assigned-to: CVSS: Patches_glpi: upstream_glpi: released (0.80) dapper_glpi: DNE hardy_glpi: ignored (reached end-of-life) jaunty_glpi: ignored (reached end-of-life) karmic_glpi: ignored (reached end-of-life) lucid_glpi: ignored (reached end-of-life) maverick_glpi: ignored (reached end-of-life) natty_glpi: ignored (reached end-of-life) oneiric_glpi: ignored (reached end-of-life) precise_glpi: not-affected (0.80.7-1) quantal_glpi: ignored (reached end-of-life) raring_glpi: ignored (reached end-of-life) saucy_glpi: ignored (reached end-of-life) trusty_glpi: not-affected (0.80.7-1) trusty/esm_glpi: DNE (trusty was not-affected [0.80.7-1]) utopic_glpi: ignored (reached end-of-life) vivid_glpi: ignored (reached end-of-life) vivid/stable-phone-overlay_glpi: DNE vivid/ubuntu-core_glpi: DNE wily_glpi: ignored (reached end-of-life) xenial_glpi: not-affected (0.80.7-1) yakkety_glpi: not-affected (0.80.7-1) devel_glpi: DNE Patches_moodle: upstream_moodle: needs-triage dapper_moodle: ignored (reached end-of-life) hardy_moodle: ignored (reached end-of-life) jaunty_moodle: ignored (reached end-of-life) karmic_moodle: ignored (reached end-of-life) lucid_moodle: ignored (reached end-of-life) maverick_moodle: ignored (reached end-of-life) natty_moodle: ignored (reached end-of-life) oneiric_moodle: ignored (reached end-of-life) precise_moodle: not-affected (1.9.9.dfsg2-5) quantal_moodle: not-affected (1.9.9.dfsg2-5) raring_moodle: not-affected (1.9.9.dfsg2-5) saucy_moodle: not-affected (1.9.9.dfsg2-5) trusty_moodle: not-affected (1.9.9.dfsg2-5) trusty/esm_moodle: DNE (trusty was not-affected [1.9.9.dfsg2-5]) utopic_moodle: not-affected (1.9.9.dfsg2-5) vivid_moodle: not-affected (1.9.9.dfsg2-5) vivid/stable-phone-overlay_moodle: DNE vivid/ubuntu-core_moodle: DNE wily_moodle: not-affected (1.9.9.dfsg2-5) xenial_moodle: not-affected (1.9.9.dfsg2-5) yakkety_moodle: not-affected (1.9.9.dfsg2-5) devel_moodle: not-affected (1.9.9.dfsg2-5)