Title:Apereo CAS 跨站脚本漏洞 (CVE-2021-42567) Description:Apereo CAS是一套基于Web的企业多语言单点登录解决方案。 Apereo CAS 6.4.1之前版本存在安全漏洞,该漏洞允许攻击者将 XSS 通过 POST 请求发送到 REST API 端点。
Description
Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints.
File Snapshot
id: CVE-2021-42567
info:
name: Apereo CAS Cross-Site Scripting
author: pdteam
severity: mediu
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.