3 matches found
Debian DSA-3973-1 : wordpress-shibboleth - security update
A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3973. T...
CVE-2017-14313
CVE-2017-14313 applies to the Shibboleth WordPress plugin (pre-1.8). The vulnerability is a cross-site scripting flaw in the shibboleth_login_form function caused by improper use of add_query_arg(), enabling injection of arbitrary script/HTML. Public advisories (DSA-3973-1, Debian announcements) ...
CVE-2017-14313
The shibbolethloginform function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of addqueryarg...