3 matches found
CVE-2020-5226
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a...
CVE-2020-5226
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a...
CVE-2020-5226
CVE-2020-5226 affects SimpleSAMLphp prior to 1.18.4. The vulnerability stems from www/errorreport.php where error reports are sent via the SimpleSAML\Utils\EMail wrapper. Starting with 1.18.0, Twig-based email templates were introduced; Twig escapes variables, but the older plain PHP template did...