Cross-site scripting (XSS) vulnerability in the phpCAS client library prior to 1.1.0, as used in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8, allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ja-sig phpcas client library 1.0.0 |
||
ja-sig phpcas client library 1.0.1 |
||
ja-sig phpcas_client_library 1.0.0 |
||
ja-sig phpcas_client_library 1.0.1 |
||
moodle moodle 1.8.5 |
||
moodle moodle 1.8.4 |
||
moodle moodle 1.9.5 |
||
moodle moodle 1.9.4 |
||
moodle moodle 1.8.1 |
||
moodle moodle 1.8.3 |
||
moodle moodle 1.8.9 |
||
moodle moodle 1.8.7 |
||
moodle moodle 1.9.3 |
||
moodle moodle 1.8.8 |
||
moodle moodle 1.8.6 |
||
moodle moodle 1.9.7 |
||
moodle moodle 1.9.6 |
||
moodle moodle 1.8.2 |
||
moodle moodle 1.8.10 |
||
moodle moodle 1.8.11 |
||
moodle moodle 1.9.2 |
||
moodle moodle 1.9.1 |