2 matches found
CVE-2025-47949
Summary: samlify (Node.js SAML library) has a Signature Wrapping vulnerability in versions prior to 2.10.0, enabling an attacker to forge a SAML Response to impersonate any user. An attacker would need a signed XML document from the identity provider. Fix/mitigation: Upgrade to version 2.10.0 or ...
CVE-2026-46490
CVE-2026-46490 affects samlify (Node.js) prior to v2.13.0. The issue: template substitution only escapes attribute contexts; values placed in element text (e.g., saml:AttributeValue ) aren’t escaped. An attacker can inject XML markup into attribute values (e.g., email, name) and insert new saml:A...