Jasig CAS server version 4.0.1 suffers from multiple cross site scripting vulnerabilities.