VIR Vulnerability Intelligence Relay

CVE-2010-1618

medium
Published 2010-04-29 · Modified 2024-02-07
CVSS v3
CVSS v2
4.3
VIR risk
4.3

Description

phpCAS client library and Moodle Cross-site Scripting vulnerability

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.ja-sig.org/issues/browse/PHPCAS-52

Package impact
EcosystemPackageVulnerableFixed
php Packagistapereo/phpcas<1.1.01.1.0
php Packagistmoodle/moodle>=1.8.0,<1.8.121.8.12
php Packagistmoodle/moodle>=1.9.0,<1.9.81.9.8

Application impact
VendorProductVersionsFixed
ja-sigphpcas_client_library1.0.0
ja-sigphpcas_client_library1.0.1
moodlemoodle1.8.1
moodlemoodle1.8.2
moodlemoodle1.8.3
moodlemoodle1.8.4
moodlemoodle1.8.5
moodlemoodle1.8.6
moodlemoodle1.8.7
moodlemoodle1.8.8
moodlemoodle1.8.9
moodlemoodle1.8.10
moodlemoodle1.8.11
moodlemoodle1.9.1
moodlemoodle1.9.2
moodlemoodle1.9.3
moodlemoodle1.9.4
moodlemoodle1.9.5
moodlemoodle1.9.6
moodlemoodle1.9.7

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.