Cross site scripting

2015-08-1818:00:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the “Administer blocks” permission to inject arbitrary web script or HTML via unspecified vectors related to a login link.

CPENameOperatorVersion
shibboleth_authenticationeq7.120.41
shibboleth_authenticationeq6.x-4.2rc1
shibboleth_authenticationeq7.120.40
shibboleth_authenticationeq6.120.41
shibboleth_authenticationeq7.x-4.2 rc1
shibboleth_authenticationeq6.120.40

Name	Operator	Version
shibboleth_authentication	eq	7.120.41
shibboleth_authentication	eq	6.x-4.2rc1
shibboleth_authentication	eq	7.120.40
shibboleth_authentication	eq	6.120.41
shibboleth_authentication	eq	7.x-4.2 rc1
shibboleth_authentication	eq	6.120.40