XSS Vulnerability in Shibboleth Plugin for WordPress
CVE-2017-14313

6.1MEDIUM

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
12 September 2017

What is CVE-2017-14313?

The Shibboleth plugin for WordPress prior to version 1.8 contains a Cross-Site Scripting (XSS) vulnerability in the shibboleth_login_form function located in shibboleth.php. This issue arises from improper utilization of the add_query_arg() function, which may allow attackers to inject malicious JavaScript code into the page, leading to potential exposure of sensitive user information or unauthorized actions being performed on behalf of the user.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.