Upstream information
Description
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
- SUSE-SR:2010:011, published Mon, 10 May 2010 14:00:00 +0000
- openSUSE-SU-2010:0212-1, published Tue, 4 May 2010 19:08:14 +0200 (CEST)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE 11.0 |
| |
openSUSE 11.0 |
| |
openSUSE 11.1 |
| |
openSUSE 11.1 |
|