Description

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

Remediation

References

CVE-2010-1618

Related Vulnerabilities

WordPress Plugin Content Aware Sidebars-Unlimited Widget Areas Security Bypass (3.8)

MySQL CVE-2019-2741 Vulnerability (CVE-2019-2741)

WordPress Plugin Uncanny Toolkit for LearnDash Cross-Site Request Forgery (3.6.3)

WordPress Plugin Yoast SEO Cross-Site Scripting (5.7.1)

Oracle Application Server Other Vulnerability (CVE-2007-2122)

Severity

Medium

Classification

CVE-2010-1618 CWE-707

Tags

Missing Update Known Vulnerabilities