Cross-site scripting (XSS) vulnerability in the phpCAS client library prior to 1.1.0, as used in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8, allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ja-sig phpcas client library 1.0.0 |
||
ja-sig phpcas client library 1.0.1 |
||
moodle moodle 1.8.1 |
||
moodle moodle 1.8.2 |
||
moodle moodle 1.8.3 |
||
moodle moodle 1.8.4 |
||
moodle moodle 1.8.5 |
||
moodle moodle 1.8.6 |
||
moodle moodle 1.8.7 |
||
moodle moodle 1.8.8 |
||
moodle moodle 1.8.9 |
||
moodle moodle 1.8.10 |
||
moodle moodle 1.8.11 |
||
moodle moodle 1.9.1 |
||
moodle moodle 1.9.2 |
||
moodle moodle 1.9.3 |
||
moodle moodle 1.9.4 |
||
moodle moodle 1.9.5 |
||
moodle moodle 1.9.6 |
||
moodle moodle 1.9.7 |