Joachim Fritschi » Phpcas : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.
Max CVSS
2.6
EPSS Score
0.33%
Published
2010-08-05
Updated
2017-08-17
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.
Max CVSS
4.0
EPSS Score
0.21%
Published
2010-08-05
Updated
2017-08-17
2 vulnerabilities found