MidnightBSD

Advisories for ja-sig

CVE-2010-1618 MEDIUM

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
moodle moodle 1.8.11
moodle moodle 1.9.5
moodle moodle 1.9.6
moodle moodle 1.8.2
moodle moodle 1.8.8
moodle moodle 1.9.2
moodle moodle 1.8.9
moodle moodle 1.8.6
moodle moodle 1.9.1
ja-sig phpcas_client_library 1.0.1
moodle moodle 1.9.3
ja-sig phpcas_client_library 1.0.0
moodle moodle 1.8.7
moodle moodle 1.8.1
moodle moodle 1.8.3
moodle moodle 1.8.4
moodle moodle 1.8.5
moodle moodle 1.9.4
moodle moodle 1.9.7
moodle moodle 1.8.10