Lucene search

GitHub Advisory DatabaseGHSA-FV7M-WC3V-WR3W

HistoryMay 14, 2022 - 1:04 a.m.

SimpleSAMLphp XSS Vulnerability

2022-05-1401:04:10

CWE-79

GitHub Advisory Database

github.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.4%

JSON

The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim’s web browser.

CPENameOperatorVersion
simplesamlphp/simplesamlphplt1.14.16

CPE	Name	Operator	Version
	simplesamlphp/simplesamlphp	lt	1.14.16

References

github.com/advisories/GHSA-fv7m-wc3v-wr3w

github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-18121.yaml

lists.debian.org/debian-lts-announce/2018/02/msg00008.html

nvd.nist.gov/vuln/detail/CVE-2017-18121

simplesamlphp.org/security/201709-01

www.debian.org/security/2018/dsa-4127

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for GHSA-FV7M-WC3V-WR3W