Lucene search
K

37 matches found

Prion
Prion
added 2022/02/28 4:15 p.m.27 views

Design/Logic Flaw

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...

4.3CVSS5.9AI score0.00667EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/28 3:22 p.m.78 views

CVE-2022-26155

Cherwell Service Management (CSM) web application, version 10.2.3, is affected by an XSS vulnerability exploitable via a payload in the SAMLResponse parameter of the HTTP request body. The issue is documented across multiple sources (NVD, Red Hat, CVE repositories) with the same root cause: unesc...

6.1CVSS5.9AI score0.00667EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/28 3:22 p.m.23 views

CVE-2022-26155

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...

6.1AI score0.00667EPSS
Exploits0References2
0day.today
0day.today
added 2021/10/01 12:0 a.m.307 views

MiniOrange SAML Drupal Module 8.x-2.22 Privilege escalation via XML Signature Wrapping Vulnerability

Exploit Title: Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://www.miniorange.com/ Software Link: https://www.drupal.org/project/miniorangesaml Version: 8.x-2.22 REQUIRED Tested on: Linux...

0.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/06/24 2:27 p.m.10 views

All Vulnerabilities for ltedge01.fco.gov.uk Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| ltedge01.fco.gov.uk ---|--- Open Bug...

Exploits0
Hacker One
Hacker One
added 2020/03/06 10:9 a.m.22 views

Rocket.Chat: SAML authentication bypass

Summary When using SAML authentication, responses are not checked properly. This allows attacker to inject/modify any assertions in the SAML response and thus, for example, authenticate as administrator. Description Following code snippets are from app/meteor-accounts-saml/server/samlutils.js Whe...

0.6AI score
Exploits0
NVD
NVD
added 2020/02/17 4:15 p.m.26 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

6.1CVSS6AI score0.01376EPSS
Exploits1References3
Prion
Prion
added 2020/02/17 4:15 p.m.19 views

Cross site scripting

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

4.3CVSS5.9AI score0.01376EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/02/17 3:1 p.m.36 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

6AI score0.01376EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2019/10/11 5:29 p.m.28 views

CVE-2019-3873

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

9CVSS1.2AI score0.00927EPSS
Exploits0References3
NVD
NVD
added 2019/06/24 9:15 p.m.19 views

CVE-2019-12346

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post...

6.1CVSS6AI score0.01066EPSS
Exploits1References2
Prion
Prion
added 2019/06/24 9:15 p.m.16 views

Code injection

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post...

4.3CVSS5.9AI score0.01066EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/06/12 2:29 p.m.29 views

CVE-2019-3873

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

9CVSS7.5AI score0.00927EPSS
Exploits0References2
Prion
Prion
added 2019/06/12 2:29 p.m.20 views

Cross site scripting

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

6CVSS8.9AI score0.00927EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/06/12 1:43 p.m.42 views

CVE-2019-3873

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

6.4CVSS9AI score0.00927EPSS
Exploits0References2
Kitploit
Kitploit
added 2018/01/06 8:45 p.m.22 views

shimit - A tool that implements the Golden SAML attack

shimit is a python tool that implements the Golden SAML attack. More informations on this can be found in the following article on our blog. python .\shimit.py -h usage: shimit.py -h -pk KEY -c CERT -sp SP -idp IDP -u USER -reg REGION --SessionValidity SESSIONVALIDITY --SamlValidity SAMLVALIDITY ...

7.5AI score
Exploits0References1
CNVD
CNVD
added 2016/07/20 12:0 a.m.1 views

SugarCRM 'SAMLResponse' Parameter XML External Entity Injection Vulnerability

SugarCRM is an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. An XML external...

7.7AI score
Exploits0References1
Rows per page
Query Builder