VulnerableCode Vulnerability Details - VCID-2ez9-qhs4-rfgc

Search for vulnerabilities

Vulnerability details: VCID-2ez9-qhs4-rfgc

Essentials
Severities (11)
References (13)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2ez9-qhs4-rfgc
Aliases	CVE-2010-1618 GHSA-45ch-hxgr-vx8j
Summary	phpCAS client library and Moodle Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
generic_textual	MODERATE	http://moodle.org/security
epss	0.00273	https://api.first.org/data/v1/epss?cve=CVE-2010-1618
epss	0.00273	https://api.first.org/data/v1/epss?cve=CVE-2010-1618
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-45ch-hxgr-vx8j
generic_textual	MODERATE	https://github.com/apereo/phpCAS
generic_textual	MODERATE	https://github.com/apereo/phpCAS/commit/021633112198b37555b35340cde884d1016d9e47
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2010-1618
generic_textual	MODERATE	http://www.ja-sig.org/issues/browse/PHPCAS-52
generic_textual	MODERATE	http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog
generic_textual	MODERATE	http://www.vupen.com/english/advisories/2010/1107

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
		http://moodle.org/security
		http://moodle.org/security/
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1618.json
		https://api.first.org/data/v1/epss?cve=CVE-2010-1618
		https://github.com/apereo/phpCAS
		https://github.com/apereo/phpCAS/commit/021633112198b37555b35340cde884d1016d9e47
		https://nvd.nist.gov/vuln/detail/CVE-2010-1618
		http://www.ja-sig.org/issues/browse/PHPCAS-52
		http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog
		http://www.vupen.com/english/advisories/2010/1107
578811		https://bugzilla.redhat.com/show_bug.cgi?id=578811
GHSA-45ch-hxgr-vx8j		https://github.com/advisories/GHSA-45ch-hxgr-vx8j

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.50458
EPSS Score	0.00273
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:29:49.881421+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-45ch-hxgr-vx8j/GHSA-45ch-hxgr-vx8j.json	36.1.3