CVE-2010-3690 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apereo	Phpcas

Configuration 1 [-]

OR	cpe:2.3:a:apereo:phpcas::::::::
	cpe:2.3:a:apereo:phpcas:0.2:::::::*
	cpe:2.3:a:apereo:phpcas:0.3:::::::*
	cpe:2.3:a:apereo:phpcas:0.3.1:::::::*
	cpe:2.3:a:apereo:phpcas:0.3.2:::::::*
	cpe:2.3:a:apereo:phpcas:0.4:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.1:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.8:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.9:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.10:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.11:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.12:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.13:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.14:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.15:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.16:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.17:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.18:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.19:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.20:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.21:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.22:::::::*
	cpe:2.3:a:apereo:phpcas:0.4.23:::::::*
	cpe:2.3:a:apereo:phpcas:0.5.0:::::::*
	cpe:2.3:a:apereo:phpcas:0.5.1:::::::*
	cpe:2.3:a:apereo:phpcas:0.6.0:::::::*
	cpe:2.3:a:apereo:phpcas:1.0.0:::::::*
	cpe:2.3:a:apereo:phpcas:1.0.1:::::::*
	cpe:2.3:a:apereo:phpcas:1.1.0:::::::*
	cpe:2.3:a:apereo:phpcas:1.1.1:::::::*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html
http://secunia.com/advisories/41878
http://secunia.com/advisories/42149
http://secunia.com/advisories/42184
http://secunia.com/advisories/43427
http://www.debian.org/security/2011/dsa-2172
http://www.openwall.com/lists/oss-security/2010/09/29/6
http://www.openwall.com/lists/oss-security/2010/10/01/2
http://www.openwall.com/lists/oss-security/2010/10/01/5
http://www.securityfocus.com/bid/43585
http://www.vupen.com/english/advisories/2010/2705
http://www.vupen.com/english/advisories/2010/2909
http://www.vupen.com/english/advisories/2011/0456
https://developer.jasig.org/source/changelog/jasigsvn?cs=21538
https://forge.indepnet.net/projects/glpi/repository/revisions/12601
https://issues.jasig.org/browse/PHPCAS-80