CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks...

5.4CVSS6.9AI score0.00196EPSS

Exploits0References2

RedHat Linux•added 2019/06/10 4:39 p.m.•2 views

picketlink: reflected XSS in SAMLRequest via RelayState parameter

5.4CVSS5.6AI score0.00196EPSS

Exploits0References4

CNVD•added 2015/08/28 12:0 a.m.•1 views

Red Hat PicketLink Privilege Bypass Vulnerability

Red Hat PicketLink is a unified identity management framework for Java applications. The 'invokeNextValve' function in the identity/federation/bindings/tomcat/idp/AbstractIDPValve.java file of Red Hat PicketLink failed to correctly Checking role-based authorization allows remote attackers to send...

4CVSS7.1AI score0.00467EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by