5 matches found
CVE-2026-46491
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect via the logout process. An attacker can redirect users to arbitrary external websites by supplying a crafted url parameter. This is only exploitable if the configuration option enablelogout is set to true, and is most...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads...
GHSA-GGJ9-6X8J-49W9 SimpleSAMLphp simplesamlphp-module-openid
A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to...
CVE-2010-10002
The vulnerability CVE-2010-10002 affects the SimpleSAMLphp package, specifically the simplesamlphp-module-openid OpenID Handler. The issue is an input manipulation in the file templates/consumer.php (AuthState) that enables cross-site scripting. Exploitation can be performed remotely; the attack ...