Moderate severity · NVD Advisory · Published Apr 29, 2010 · Updated Apr 29, 2026
CVE-2010-1618
Description
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apereo/phpcas (Packagist) | < 1.1.0 | 1.1.0 |
| moodle/moodle (Packagist) | >= 1.8.0, < 1.8.12 | 1.8.12 |
| moodle/moodle (Packagist) | >= 1.9.0, < 1.9.8 | 1.9.8 |
Affected products
- cpe:2.3:a:ja-sig:phpcas_client_library:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ja-sig:phpcas_client_library:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
Patches
Commit 021633112198: PHPCAS-52 Fix XSS vulnerability. Sanitize parameters before using the URL submitted by a client.
1 file changed · +14 −13
source/CAS/client.php+14 −13 modified@@ -2586,20 +2586,21 @@ function getURL() } } - $php_is_for_sissies = split("\?", $_SERVER['REQUEST_URI'], 2); - $final_uri .= $php_is_for_sissies[0]; - if(sizeof($php_is_for_sissies) > 1){ - $cgi_params = '?' . $php_is_for_sissies[1]; - } else { - $cgi_params = '?'; + $baseurl = split("\?", $_SERVER['REQUEST_URI'], 2); + $final_uri .= $baseurl[0]; + $query_string = ''; + if ($_GET) { + $kv = array(); + foreach ($_GET as $key => $value) { + if($key !== "ticket"){ + $kv[] = urlencode($key). "=" . urlencode($value); + } + } + $query_string = join("&", $kv); + } + if($query_string){ + $final_uri .= "?" . $query_string; } - // remove the ticket if present in the CGI parameters - $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params); - $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params); - $cgi_params = preg_replace('/\?%26/','?',$cgi_params); - $cgi_params = preg_replace('/\?&/','?',$cgi_params); - $cgi_params = preg_replace('/\?$/','',$cgi_params); - $final_uri .= $cgi_params; $this->setURL($final_uri); } phpCAS::traceEnd($this->_url);
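Review bot: the rebuilt query-string loop assumes every `$_GET` value is a string, so a request carrying an array parameter (for example `a[]=1`) hands an array to `urlencode($value)`; PHP warns and the value is lost or mangled, and the service URL that phpCAS later presents for ticket validation silently differs from the one the client requested. Guard the loop with `is_array($value)` and either skip or flatten such entries (on PHP 5, `http_build_query()` over a copy of `$_GET` with `ticket` unset does the encoding and nested-key handling for you). Note also that only the query string is re-encoded here: `$baseurl[0]`, the path part of `REQUEST_URI`, is still concatenated verbatim into `$final_uri`, so any code path that echoes `$this->_url` into an HTML error message must still escape it with `htmlspecialchars()` at output time rather than rely on this rebuild alone.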
References
- www.ja-sig.org/issues/browse/PHPCAS-52 (NVD: Vendor Advisory)
- github.com/advisories/GHSA-45ch-hxgr-vx8j (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2010-1618 (GHSA: Advisory)
- lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html (NVD)
- moodle.org/security (GHSA)
- www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog (NVD)
- www.vupen.com/english/advisories/2010/1107 (NVD)
- github.com/apereo/phpCAS/commit/021633112198b37555b35340cde884d1016d9e47 (GHSA)
- moodle.org/security/ (NVD)