
25 matches found

RedhatCVE
added 2026/06/05 7:20 p.m.

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

CVSS 8.2 · AI score 5.5 · EPSS 0.0028
Exploits: 0 · References: 1
NVD
added 2026/05/07 4:16 a.m.

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

CVSS 8.2 · EPSS 0.0028
Exploits: 0 · References: 2
ATTACKERKB
added 2026/05/07 3:00 a.m.

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

CVSS 8.2 · AI score 5.9 · EPSS 0.0028
Exploits: 0 · References: 3 · Affected software: 1
CVE
added 2026/05/07 3:00 a.m.

CVE-2026-41670

Admidio before 5.0.9 permits an attacker who knows a registered SP’s Entity ID to craft a SAML AuthnRequest with an attacker-controlled AssertionConsumerServiceURL, causing the IdP to send a signed SAML response containing user attributes to the attacker’s URL. The root cause is that ACS URL is t...

CVSS 8.2 · AI score 5.9 · EPSS 0.0028
Exploits: 0 · References: 2
CNNVD
added 2026/05/07 12:00 a.m.

Admidio Input Validation Error Vulnerability

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a vulnerability related to input validation errors. This...

CVSS 8.2 · AI score 5.8 · EPSS 0.0028
Exploits: 0 · References: 1
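Added example (Python; not Admidio's code and not part of the original listing) for the CVE-2026-41670 entries above: how an IdP should resolve the destination of its SAML response. The flawed resolver uses whatever AssertionConsumerServiceURL the AuthnRequest carries; the hardened one accepts only an ACS URL that exactly matches one registered in the issuing SP's metadata and falls back to the SP's registered default when the attribute is absent. The SP registry, entity IDs, AuthnRequest builder and every function name are constructed assumptions.

```python
# Added example, not Admidio's code: IdP-side resolution of the SAML
# response destination.  Registry, entity IDs and requests are constructed.
from typing import Optional
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed SP registry (entity ID -> ACS URLs taken from SP metadata).
# A real IdP loads this from imported metadata, never from the request.
SP_REGISTRY = {
    "https://sp.example.org/saml/metadata": [
        "https://sp.example.org/saml/acs",
        "https://sp.example.org/saml/acs-alt",
    ],
}


def make_authn_request(issuer: str, acs_url: Optional[str]) -> bytes:
    """Build a minimal unsigned AuthnRequest (constructed input, so no XML escaping)."""
    acs_attr = f' AssertionConsumerServiceURL="{acs_url}"' if acs_url else ""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
        f' ID="_r1" Version="2.0" IssueInstant="2026-01-01T00:00:00Z"{acs_attr}>'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    ).encode()


def parse_authn_request(xml_bytes: bytes) -> dict:
    """Extract Issuer and the optional AssertionConsumerServiceURL attribute.

    Untrusted XML should go through defusedxml in production; the stdlib
    parser is acceptable here only because the input is constructed inline.
    """
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['samlp']}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest carries no Issuer")
    return {"issuer": issuer.text.strip(), "acs_url": root.get("AssertionConsumerServiceURL")}


def resolve_acs_vulnerable(req: dict) -> Optional[str]:
    """The flawed pattern: use whatever ACS URL the request asked for."""
    return req["acs_url"]


def canonical_acs(url: str) -> str:
    """Normalise for exact comparison: https only, no query or fragment."""
    p = urlsplit(url)
    if p.scheme != "https" or not p.netloc or p.query or p.fragment:
        raise ValueError("ACS URL must be absolute https without query or fragment")
    return f"https://{p.netloc.lower()}{p.path or '/'}"


def resolve_acs_hardened(req: dict, registry: dict = SP_REGISTRY) -> str:
    """Only deliver to an ACS URL registered for the issuing SP.

    No AssertionConsumerServiceURL in the request -> the SP's first registered
    endpoint; otherwise the request value must match a registered one exactly.
    Any other outcome aborts the flow instead of redirecting the user.
    """
    issuer = req["issuer"]
    registered = registry.get(issuer)
    if not registered:
        raise ValueError(f"unknown SP entity ID {issuer!r}")
    allowed = {canonical_acs(u) for u in registered}
    if req["acs_url"] is None:
        return canonical_acs(registered[0])
    wanted = canonical_acs(req["acs_url"])
    if wanted not in allowed:
        raise ValueError(f"ACS URL {req['acs_url']!r} is not registered for {issuer!r}")
    return wanted


def demo() -> dict:
    """Run a legitimate, an attribute-less and an attacker-controlled request through both."""
    sp = "https://sp.example.org/saml/metadata"
    legit = parse_authn_request(make_authn_request(sp, "https://SP.example.org/saml/acs"))
    absent = parse_authn_request(make_authn_request(sp, None))
    evil = parse_authn_request(make_authn_request(sp, "https://attacker.example/collect"))
    out = {
        "legit_vulnerable": resolve_acs_vulnerable(legit),
        "legit_hardened": resolve_acs_hardened(legit),
        "absent_hardened": resolve_acs_hardened(absent),
        "evil_vulnerable": resolve_acs_vulnerable(evil),
    }
    try:
        out["evil_hardened"] = resolve_acs_hardened(evil)
    except ValueError as exc:
        out["evil_hardened"] = f"rejected: {exc}"
    return out
```

The hardened resolver deliberately raises rather than silently substituting the registered URL when the request names an unregistered one: a mismatch means either a misconfigured SP or an attacker, and in both cases the signed response carrying user attributes must not leave the IdP. Checking the AuthnRequest signature, where the SP metadata requires signed requests, is a separate control that this example does not cover.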
EUVD
added 2026/02/03 4:47 p.m.

EUVD-2026-5244

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 · AI score 5.4 · EPSS 0.00142
Exploits: 0 · References: 1
Positive Technologies
added 2026/02/03 12:00 a.m.

PT-2026-6046

Name of the Vulnerable Software and Affected Versions: Rapid7 InsightVM versions prior to 8.34.0. Description: Rapid7 InsightVM installations utilizing the "Security Console" setup are susceptible to a signature verification flaw on the Assertion Consumer Service (ACS) cloud endpoint. This issue allow...

CVSS 9.6 · AI score 5.5 · EPSS 0.00142
Exploits: 0 · References: 6
Vulnrichment
added 2025/10/27 1:39 p.m.

CVE-2025-50055

Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...

AI score 5.6 · EPSS 0.00185
Exploits: 0 · References: 1
CVE
added 2025/10/27 1:39 p.m.

CVE-2025-50055

OpenVPN Access Server 2.14.0–2.14.3 exposes an XSS vulnerability in the SAML Authentication module via the RelayState parameter. The issue allows an attacker-controlled RelayState to inject arbitrary script/HTML, potentially leading to client-side impact. The CVE description in official records n...

CVSS 6.4 · AI score 5.6 · EPSS 0.00185
Exploits: 0 · References: 1
Cvelist
added 2025/10/27 1:39 p.m.

CVE-2025-50055

Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...

EPSS 0.00185
Exploits: 0 · References: 1
OSV
added 2024/04/17 5:33 p.m.

GHSA-8RMM-GM28-PJ8Q Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:). Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission. Acknowledgements: Specia...

CVSS 6 · AI score 6 · EPSS 0.00711
Exploits: 0 · References: 10
RedHat Linux
added 2024/04/16 8:26 p.m.

keycloak: XSS via assertion consumer service URL in SAML POST-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...

CVSS 6 · AI score 5.9 · EPSS 0.00711
Exploits: 0 · References: 4
Positive Technologies
added 2024/04/16 12:00 a.m.

PT-2024-5147 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS),...

CVSS 6.8 · AI score 5.8 · EPSS 0.00711
Exploits: 0 · References: 18
RedHat Linux
added 2024/03/18 9:47 a.m.

keycloak: XSS via assertion consumer service URL in SAML POST-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...

CVSS 6 · AI score 5.9 · EPSS 0.00711
Exploits: 0 · References: 4
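Added example (Python; not Keycloak's or OpenVPN Access Server's code and not part of the original listing) serving two groups of entries above: the Keycloak entries, where a javascript: URI registered as the POST-binding ACS URL runs on form submission, and the OpenVPN Access Server entries, where a RelayState value is reflected into HTML unescaped. It renders the SAML HTTP-POST binding auto-submit form twice: once the flawed way, interpolating caller-supplied values verbatim, and once with an http(s)-only allow-list on the form action, HTML attribute escaping on every interpolated value, a base64 check on the response, and the 80-byte RelayState limit from the SAML 2.0 Bindings specification. The template, sample values and function names are constructed assumptions; the same escaping applies wherever an SP echoes RelayState back into a page.

```python
# Added example, not Keycloak's or OpenVPN Access Server's code: rendering
# the SAML HTTP-POST binding auto-submit form.  Template and values are constructed.
import base64
from html import escape
from urllib.parse import urlsplit

FORM_TEMPLATE = """<!doctype html>
<html><body onload="document.forms[0].submit()">
<form method="post" action="{action}">
<input type="hidden" name="SAMLResponse" value="{response}">
<input type="hidden" name="RelayState" value="{relay}">
<noscript><button type="submit">Continue</button></noscript>
</form></body></html>"""

RELAY_STATE_MAX_BYTES = 80  # SAML 2.0 Bindings: RelayState MUST NOT exceed 80 bytes


def build_post_form_vulnerable(acs_url: str, saml_response_b64: str, relay_state: str) -> str:
    """The flawed pattern: caller-supplied values go straight into the HTML."""
    return FORM_TEMPLATE.format(action=acs_url, response=saml_response_b64, relay=relay_state)


def validate_acs_url(url: str) -> str:
    """Allow only absolute http(s) URLs as the form action.

    A javascript: action runs in the embedding origin the moment the form
    auto-submits; data: and vbscript: are refused by the same allow-list.
    urlsplit lower-cases the scheme and (Python 3.9.5 and later) strips
    embedded tab and newline characters, so case tricks and 'java\\tscript:'
    do not get around the check.
    """
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"refusing non-http(s) ACS URL: {url!r}")
    return url


def validate_relay_state(relay_state: str) -> str:
    """RelayState is opaque to the IdP, but its size limit is enforceable."""
    if len(relay_state.encode("utf-8")) > RELAY_STATE_MAX_BYTES:
        raise ValueError("RelayState longer than 80 bytes")
    return relay_state


def build_post_form_hardened(acs_url: str, saml_response_b64: str, relay_state: str) -> str:
    """Validate the action, check the response is base64, escape every value."""
    action = validate_acs_url(acs_url)
    base64.b64decode(saml_response_b64, validate=True)  # raises binascii.Error otherwise
    relay = validate_relay_state(relay_state)
    return FORM_TEMPLATE.format(
        action=escape(action, quote=True),
        response=escape(saml_response_b64, quote=True),
        relay=escape(relay, quote=True),
    )


def demo() -> dict:
    """Feed a javascript: ACS URL and a tag-breaking RelayState to both builders."""
    response = base64.b64encode(b"<samlp:Response/>").decode()  # constructed placeholder
    good_acs = "https://sp.example.org/saml/acs"
    evil_acs = "javascript:alert(document.domain)"
    evil_relay = '"><script>alert(document.domain)</script>'
    out = {
        "vulnerable_action": build_post_form_vulnerable(evil_acs, response, "/home"),
        "vulnerable_relay": build_post_form_vulnerable(good_acs, response, evil_relay),
        "hardened_relay": build_post_form_hardened(good_acs, response, evil_relay),
    }
    try:
        out["hardened_action"] = build_post_form_hardened(evil_acs, response, "/home")
    except ValueError as exc:
        out["hardened_action"] = f"rejected: {exc}"
    return out
```

The scheme check belongs at registration time as well as at render time: the Keycloak entries describe the URL being accepted when the client is registered, so rejecting it only when the form is built would still leave the bad value in the client configuration.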
Positive Technologies
added 2023/08/30 12:00 a.m.

PT-2023-27527 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.6; Splunk Enterprise versions prior to 8.2.12. Description: A malicious actor can send a malformed Security Assertion Markup Language (SAML) request to the "/saml/acs" REST endpoint, causing a denial of...

CVSS 7.5 · AI score 7 · EPSS 0.00487
Exploits: 0 · References: 5
BDU FSTEC
added 2023/06/28 12:00 a.m.

Keycloak identity and access management software: the requested page name is not filtered when the 404 HTTP error page is generated, allowing an attacker to execute arbitrary script.

The vulnerability of the Keycloak identity and access management software lies in the absence of name filtering during the generation of a 404 HTTP error page. As a result, the name of the non-existent webpage is passed unchanged to the generated error page. Exploiting this vulnerability allows a...

CVSS 9.4 · AI score 7 · EPSS 0.00561
Exploits: 0 · References: 2 · Affected software: 2
CNNVD
added 2023/06/27 12:00 a.m.

Red Hat Keycloak Cross-Site Scripting Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Keycloak. An attacker could exploit the vulnerability to execute malicious scripts by setting the...

CVSS 10 · AI score 7.2 · EPSS 0.00561
Exploits: 0 · References: 5
Positive Technologies
added 2023/06/27 12:00 a.m.

PT-2023-3319 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: The issue is related to a cross-site scripting (XSS) vulnerability in Keycloak, an open-source identity and access management solution. This vulnerability can be exploited by settin...

CVSS 10 · AI score 6.5 · EPSS 0.00561
Exploits: 0 · References: 10
CISA KEV Catalog
added 2021/11/03 12:00 a.m.

Micro Focus Access Manager Information Leakage Vulnerability

Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used...

CVSS 7.5 · AI score 8.3 · EPSS 0.25695
Exploited in the wild · Exploits: 0
VulnCheck KEV
added 2021/08/06 12:00 a.m.

VulnCheck KEV: CVE-2021-22506

Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used...

CVSS 7.5 · AI score 7.2 · EPSS 0.25695
Exploits: 0 · References: 1