Cross-Site Scripting in miniOrange SAML SP Single Sign On Plugin for WordPress
CVE-2019-12346
6.1MEDIUM
What is CVE-2019-12346?
The miniOrange SAML SP Single Sign On plugin for WordPress prior to version 4.8.73 is susceptible to a Cross-Site Scripting (XSS) flaw. An attacker can exploit this vulnerability by sending a specially crafted SAMLResponse XML post to the SAML Login Endpoint, allowing for unauthorized actions in the context of the affected user session. This vulnerability poses a significant risk to site security, as it may enable attackers to execute malicious scripts in the browser of unsuspecting users.