It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jboss_enterprise_application_platform 7.2.0 |
||
redhat single sign-on 7.0 |