3 matches found
CVE-2015-5513
Cross-site scripting XSS vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login...
CVE-2015-5513
CVE-2015-5513 affects Drupal via the Shibboleth authentication module (versions 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2). The root cause is an XSS flaw allowing remote authenticated users with the Administer blocks permission to inject arbitrary scripts/HTML through an unspecified vecto...
Shibboleth authentication - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129
Shibboleth authentication module allows users to log in and get permissions based on federated SAML2 authentication. The module didn't filter the text that is displayed as a login link. This vulnerability was mitigated by the fact that an attacker must have a role with the permission Administer...