Description
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
Remediation
References
https://apereo.github.io/2021/10/18/restvuln/
https://github.com/apereo/cas/releases
Related Vulnerabilities
CVE-2022-21681 Vulnerability in npm package marked
CVE-2021-29444 Vulnerability in npm package jose-browser-runtime
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-service
CVE-2020-26217 Vulnerability in maven package xstream:xstream
CVE-2022-23458 Vulnerability in maven package org.webjars.npm:tui-grid