Vulnerability Name: | CVE-2010-1618 (CCN-57550) |
Assigned: | 2010-04-06 |
Published: | 2010-04-06 |
Updated: | 2020-12-01 |
Summary: | Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Low; Availability (A): None |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
| 4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
|
Vulnerability Type: | CWE-79
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2010-1618
Source: SUSE Type: UNKNOWN SUSE-SR:2010:011
Source: CCN Type: MSA-10-0002 XSS vulnerability in the phpcas module
Source: CONFIRM Type: UNKNOWN http://moodle.org/security/
Source: DEBIAN Type: DSA-2115 moodle -- several vulnerabilities
Source: CONFIRM Type: Vendor Advisory http://www.ja-sig.org/issues/browse/PHPCAS-52
Source: CONFIRM Type: UNKNOWN http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog
Source: CCN Type: OSVDB ID: 63123 phpCAS Unspecified XSS
Source: CCN Type: BID-39150 Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2010-1107
Source: XF Type: UNKNOWN moodle-phpcas-xss(57550)
Source: SUSE Type: SUSE-SR:2010:011 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:ja-sig:phpcas_client_library:1.0.0:*:*:*:*:*:*:* OR
cpe:/a:ja-sig:phpcas_client_library:1.0.1:*:*:*:*:*:*:*
Configuration 2:
cpe:/a:ja-sig:phpcas_client_library:1.0.0:*:*:*:*:*:*:* OR
cpe:/a:ja-sig:phpcas_client_library:1.0.1:*:*:*:*:*:*:*
AND
cpe:/a:moodle:moodle:1.8.5:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.4:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.9.5:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.9.4:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.1:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.3:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.9:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.7:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.9.3:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.8:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.6:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.9.7:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.9.6:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.2:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.10:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.11:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.9.2:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:moodle:moodle:1.9.7:*:*:*:*:*:*:* OR
cpe:/a:moodle:moodle:1.8.11:*:*:*:*:*:*:*
AND
cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:* |