Cross-Site Scripting Vulnerability in SimpleSAMLphp by SimpleSAML
CVE-2017-18121

6.1MEDIUM

Key Information:

Vendor

SimplesamlPHP

Status
SimplesamlPHP
Vendor
CVE Published:
2 February 2018

What is CVE-2017-18121?

The consentAdmin module in SimpleSAMLphp prior to version 1.14.15 has a vulnerability that allows a Cross-Site Scripting (XSS) attack. Attackers can exploit this flaw by creating malicious links that, when clicked by users, can execute arbitrary JavaScript code in the victims' browsers. This could lead to a range of security issues, including unauthorized access to sensitive information.

References

https://simplesamlphp.org/security/201709-01
x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/02/msg0...
mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4127
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.