GHSA-fv7m-wc3v-wr3w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fv7m-wc3v-wr3w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fv7m-wc3v-wr3w/GHSA-fv7m-wc3v-wr3w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fv7m-wc3v-wr3w
- Aliases
- Published
- 2022-05-14T01:04:10Z
- Modified
- 2024-02-16T08:01:50.071224Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- SimpleSAMLphp XSS Vulnerability
- Details
-
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
- Database specific
{ "nvd_published_at": "2018-02-02T15:29:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-26T21:49:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-18121
- https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-18121.yaml
- https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
- https://simplesamlphp.org/security/201709-01
- https://www.debian.org/security/2018/dsa-4127
Affected packages
Packagist / simplesamlphp/simplesamlphp
Package
- Name
- simplesamlphp/simplesamlphp
- Purl
- pkg:composer/simplesamlphp/simplesamlphp