582 matches found
PT-2024-40468 · Unknown · Simplesamlphp
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.4 Description: The issue allows attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link href and retryURL...
The vulnerability in the software implementation of the SAML protocol simplesamlphp/saml2 and the XML document security processing programs simplesamlphp/xml-security, related to insufficient verification of data authenticity, allows a perpetrator to create false SAML messages.
The vulnerability of the SAML protocol implementation in simplesamlphp/saml2 and the XML document security processing in simplesamlphp/xml-security is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to create a fake SAML message...
xml-security Data Forgery Issue Vulnerability
xml-security is an open source library from SimpleSAMLphp. xml-security version 1.6.11 and saml2 version 5.0.0-alpha.13 contain a data forgery vulnerability. The vulnerability stems from the fact that XML signature validation needs to verify that the hash value of the XML document in question matches a specific...
Improper Signature Validation
simplesamlphp/xml-security and simplesamlphp/saml2 are vulnerable to Improper Signature Validation. The vulnerability is due to a lack of proper signature validation in the validateReference method. This could lead to the forging of digital signatures...
GHSA-WW7X-3GXH-QM6R Validation of SignedInfo
Validation of an XML Signature requires verification that the hash value of the related XML-document after any optional transformations and/or normalizations matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree, the one that contains the DigestValue...
Tenable Security Center 5.23.1 / 6.0.0 / 6.1.0 / 6.1.1 / 6.2.0 Multiple Vulnerabilities (TNS-2023-42)
According to its self-reported version, the Tenable Security Center running on the remote host is affected by multiple vulnerabilities as referenced in the TNS-2023-42 advisory. - Security Center leverages third-party software to help provide underlying functionality. Several of the third-party...
Debian: Security Advisory (DLA-1205-1)
The remote host is missing an update for the Debian...
SUSE CVE-2016-9955
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean...
GHSA-CHGC-RQJR-46GG simplesamlphp-module-openidprovider Cross Site Scripting vulnerability
A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting...
simplesamlphp-module-openidprovider Cross Site Scripting vulnerability
A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting...
CVE-2010-10008
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads...
CVE-2010-10008 simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads...
CVE-2010-10008
Summary: CVE-2010-10008 affects the simplesamlphp-module-openidprovider component (versions up to 0.8.x). The issue is a cross-site scripting flaw in the templates/trust.tpl.php file triggered by manipulation of the StateID argument. Exploitation can be remote. The publicly documented remediation...
CVE-2010-10008 simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads...
PT-2023-9891 · Unknown · Simplesamlphp +1
Name of the Vulnerable Software and Affected Versions: simplesamlphp simplesamlphp-module-openidprovider versions up to 0.8.x Description: A vulnerability was found in the simplesamlphp simplesamlphp-module-openidprovider. The issue affects an unknown functionality of the file...
CVE-2010-10004
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The...
Cross site scripting
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The...
CVE-2010-10004 Information Cards Module cross site scripting
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The...
CVE-2010-10004
CVE-2010-10004 concerns a cross-site scripting vulnerability in the Information Cards Module of simpleSAMLphp. The issue arises from an unspecified processing path within the module, enabling XSS. The attack can be initiated remotely, and upgrading to version 1.0 mitigates the issue; the patch i...