{"id":"CVE-2021-42567","details":"Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.","aliases":["GHSA-gfhx-jjwq-63gv"],"modified":"2026-03-14T11:15:33.846573Z","published":"2021-12-07T22:15:06.907Z","references":[{"type":"ADVISORY","url":"https://github.com/apereo/cas/releases"},{"type":"FIX","url":"https://apereo.github.io/2021/10/18/restvuln/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jasig/cas","events":[{"introduced":"d930aeac61a911fbde6db6bbce244d22086b996d"},{"fixed":"8be70c8ee43f1a90738fe189b98b2366b9c256b2"},{"introduced":"a55c2c0ecf4cea3f2a2377c3df2c852369fac8b3"},{"fixed":"2cba0f0cc54e9cf5bcdae7382ded8685dfc3ce44"}],"database_specific":{"versions":[{"introduced":"6.3.0"},{"fixed":"6.3.7.1"},{"introduced":"6.4.0"},{"fixed":"6.4.2"}]}}],"versions":["v6.3.0","v6.3.1","v6.3.2","v6.3.3","v6.3.4","v6.3.5","v6.3.6","v6.3.7","v6.4.0","v6.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42567.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}