
582 matches found

OSV
added 2020/01/24 9:27 p.m., 11 views

GHSA-2R3V-Q9X3-7G46 Link injection in SimpleSAMLphp

Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts we...

CVSS 3.7, AI score 7
Exploits 0, References 2

Github Security Blog
added 2020/01/24 9:27 p.m., 44 views

Link injection in SimpleSAMLphp

Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts we...

AI score 0.2
Exploits 0, References 3, Affected Software 1

Github Security Blog
added 2020/01/24 9:26 p.m., 60 views

Cross-site scripting in SimpleSAMLphp

Background SimpleSAMLphp allows users to report errors and failures to the system administrators via a web form. This web form gathers some contextual information automatically, but it also allows the user to provide their email address for follow-ups and a free-text explanation of what happened...

CVSS 5.4, AI score 4.9, EPSS 0.00544
Exploits 0, References 4, Affected Software 1

OSV
added 2020/01/24 9:26 p.m., 25 views

GHSA-MJ9P-V2R8-WF8W Cross-site scripting in SimpleSAMLphp

Background SimpleSAMLphp allows users to report errors and failures to the system administrators via a web form. This web form gathers some contextual information automatically, but it also allows the user to provide their email address for follow-ups and a free-text explanation of what happened...

CVSS 4.4, AI score 5.3, EPSS 0.00544
Exploits 0, References 3

Github Security Blog
added 2020/01/24 9:26 p.m., 63 views

Log injection in SimpleSAMLphp

Background SimpleSAMLphp has a logging functionality that allows system administrators to keep track of the activity, errors, and statistics. Additionally, it allows users to report errors, shall they happen. An error report contains a report identifier, which is logged once submitted. Descriptio...

CVSS 5.5, AI score 1.6, EPSS 0.00586
Exploits 0, References 4, Affected Software 1

OSV
added 2020/01/24 9:26 p.m., 16 views

GHSA-6GC6-M364-85WW Log injection in SimpleSAMLphp

Background SimpleSAMLphp has a logging functionality that allows system administrators to keep track of the activity, errors, and statistics. Additionally, it allows users to report errors, shall they happen. An error report contains a report identifier, which is logged once submitted. Descriptio...

CVSS 4.4, AI score 5.4, EPSS 0.00586
Exploits 0, References 3

Cvelist
added 2020/01/24 9:15 p.m., 15 views

CVE-2020-5226 Cross-site scripting in SimpleSAMLphp

Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a...

CVSS 4.4, AI score 5.2, EPSS 0.00544
Exploits 0, References 2

CVE
added 2020/01/24 9:15 p.m., 94 views

CVE-2020-5226

CVE-2020-5226 affects SimpleSAMLphp prior to 1.18.4. The vulnerability stems from www/errorreport.php where error reports are sent via the SimpleSAML\Utils\EMail wrapper. Starting with 1.18.0, Twig-based email templates were introduced; Twig escapes variables, but the older plain PHP template did...

CVSS 5.4, AI score 4.7, EPSS 0.00544
Exploits 0, References 2, Affected Software 1

Debian CVE
added 2020/01/24 9:15 p.m., 24 views

CVE-2020-5226

Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a...

CVSS 5.4, AI score 5.2, EPSS 0.00544
Exploits 0

NVD
added 2020/01/24 9:15 p.m., 26 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.5, AI score 5.2, EPSS 0.00586
Exploits 0, References 2

OSV
added 2020/01/24 9:15 p.m., 13 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.4, AI score 7
Exploits 0, References 2

OSV
added 2020/01/24 9:15 p.m., 2 views

DEBIAN-CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.4, AI score 5.8, EPSS 0.00586
Exploits 0, References 1

UbuntuCve
added 2020/01/24 9:15 p.m., 16 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.5, AI score 6, EPSS 0.00586
Exploits 0, References 3

OSV
added 2020/01/24 9:15 p.m., 3 views

UBUNTU-CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.4, AI score 5.8, EPSS 0.00586
Exploits 0, References 4

Prion
added 2020/01/24 9:15 p.m., 17 views

Design/Logic Flaw

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.5, AI score 5.6, EPSS 0.00586
Exploits 0, References 2, Affected Software 1

CVE
added 2020/01/24 8:55 p.m., 80 views

CVE-2020-5225

The CVE-2020-5225 issue affects SimpleSAMLphp up to version 1.18.3, where the www/errorreport.php endpoint did not sanitize the reportID parameter, allowing an attacker to inject newline characters and append arbitrary log lines when the file logging handler is used. This could lead to log inject...

CVSS 5.5, AI score 5.1, EPSS 0.00586
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/01/24 8:55 p.m., 34 views

CVE-2020-5225 Log injection in SimpleSAMLphp

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 4.4, AI score 5.6, EPSS 0.00586
Exploits 0, References 2

Debian CVE
added 2020/01/24 8:55 p.m., 15 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

CVSS 5.5, AI score 5.6, EPSS 0.00586
Exploits 0

Tenable Product Security Advisories
added 2020/01/06 4:42 p.m., 14 views

[R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components SimpleSAMLPHP was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...

AI score 7.1
Exploits 0

Tenable Product Security Advisories
added 2019/12/30 8:5 p.m., 38 views

[R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components OpenSSL, Apache HTTP Server, SimpleSAMLphp were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line wi...

AI score 7.2
Exploits 0