CVE-2010-2796

Published: Aug 5, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-2172

vendor-advisory

x_refsource_DEBIAN

ADV-2011-0456

vdb-entry

x_refsource_VUPEN

https://issues.jasig.org/browse/PHPCAS-67

x_refsource_CONFIRM

41240

third-party-advisory

x_refsource_SECUNIA

40845

third-party-advisory

x_refsource_SECUNIA

FEDORA-2010-12258

vendor-advisory

x_refsource_FEDORA

42160

vdb-entry

x_refsource_BID

ADV-2010-2909

vdb-entry

x_refsource_VUPEN

https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog

x_refsource_CONFIRM

ADV-2010-2261

vdb-entry

x_refsource_VUPEN

42149

third-party-advisory

x_refsource_SECUNIA

https://forge.indepnet.net/projects/glpi/repository/revisions/12601

x_refsource_CONFIRM

FEDORA-2010-12247

vendor-advisory

x_refsource_FEDORA

43427

third-party-advisory

x_refsource_SECUNIA

phpcas-callback-url-xss(60895)

vdb-entry

x_refsource_XF

ADV-2010-2234

vdb-entry

x_refsource_VUPEN

FEDORA-2010-16912

vendor-advisory

x_refsource_FEDORA

FEDORA-2010-16905

vendor-advisory

x_refsource_FEDORA

42184

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-2796

Description

Affected Products

References