CVEDB API

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.68

EPSS Ranking 98.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2021-42567

Apereo » Central Authentication Service » Version: 6.3.0

cpe:2.3:a:apereo:central_authentication_service:6.3.0
Apereo » Central Authentication Service » Version: 6.3.1

cpe:2.3:a:apereo:central_authentication_service:6.3.1
Apereo » Central Authentication Service » Version: 6.3.2

cpe:2.3:a:apereo:central_authentication_service:6.3.2
Apereo » Central Authentication Service » Version: 6.3.3

cpe:2.3:a:apereo:central_authentication_service:6.3.3
Apereo » Central Authentication Service » Version: 6.3.4

cpe:2.3:a:apereo:central_authentication_service:6.3.4
Apereo » Central Authentication Service » Version: 6.3.5

cpe:2.3:a:apereo:central_authentication_service:6.3.5
Apereo » Central Authentication Service » Version: 6.3.6

cpe:2.3:a:apereo:central_authentication_service:6.3.6
Apereo » Central Authentication Service » Version: 6.3.7

cpe:2.3:a:apereo:central_authentication_service:6.3.7
Apereo » Central Authentication Service » Version: 6.4.0

cpe:2.3:a:apereo:central_authentication_service:6.4.0
Apereo » Central Authentication Service » Version: 6.4.1

cpe:2.3:a:apereo:central_authentication_service:6.4.1