Published: 02/02/2018 Updated: 13/05/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The consentAdmin module in SimpleSAMLphp up to and including 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an malicious user to craft links that could execute arbitrary JavaScript code on the victim's web browser.

Vulnerable Product	Search on Vulmon	Subscribe to Product
simplesamlphp simplesamlphp
debian debian linux 7.0
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #889286 simplesamlphp: CVE-2017-18121 CVE-2017-18122 Package: simplesamlphp; Maintainer for simplesamlphp is Thijs Kinkhorst <thijs@debianorg>; Source for simplesamlphp is src:simplesamlphp (PTS, buildd, popcon) Reported by: Abhijith PA <abhijith@disrootorg> Date: Sat, 3 Feb 2018 10:57:03 ...

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset CVE-2017-12869 When using the multiauth module, attackers can bypass authentic ...

CWE-79 https://simplesamlphp.org/security/201709-01 https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html https://www.debian.org/security/2018/dsa-4127 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286 https://nvd.nist.gov https://www.debian.org/security/./dsa-4127

CVE-2017-18121

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect