576 matches found
CVE-2021-38320
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...
CVE-2021-38320
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...
Cross site scripting
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...
CVE-2021-38320
CVE-2021-38320 concerns the WordPress plugin simpleSAMLphp Authentication (versions
CVE-2021-38320 simpleSAMLphp Authentication <= 0.7.0 Reflected Cross-Site Scripting
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...
CVE-2021-38320 simpleSAMLphp Authentication <= 0.7.0 Reflected Cross-Site Scripting
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...
WordPress plugin跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...
WordPress simpleSAMLphp Authentication plugin <= 0.7.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress simpleSAMLphp Authentication plugin versions = 0.7.0. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
simpleSAMLphp Authentication <= 0.7.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
Tenable SecurityCenter 5.9.x to 5.12.x SimpleSAMLPHP Privilege Escalation (TNS-2020-01)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is 5.9.x, 5.10.x, 5.11.x or 5.12.x. It is, therefore, affected by a privilege escalation vulnerability due to incorrect validation of cryptographic signatures in XML messages in the...
GHSA-24M3-W8G9-JWPQ Information disclosure of source code in SimpleSAMLphp
Background The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. Description The che...
Information disclosure of source code in SimpleSAMLphp
Background The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. Description The che...
Information Disclosure
simplesamlphp is vulnerable to information disclosure. It does not properly handle a request with an uppercase file extension '.PHP', causing the server to disclose the contents of the file by sending to the browser instead of executing it and therefore leaking the sensitive source code in...
SimpleSAMLphp Information Disclosure Vulnerability (CNVD-2020-33253)
SimpleSAMLphp is a PHP authentication application that implements the SAML 2.0 Service Provider and Identity Provider features. An information disclosure vulnerability exists in SimpleSAMLphp versions prior to 1.18.6. The vulnerability stems from an error in configuration or other errors in the...
CVE-2020-5301
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
CVE-2020-5301
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
CVE-2020-5301
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
Information disclosure
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...