SimpleSAMLphp is vulnerable to cross-site scripting (XSS) attacks. A malicious user can craft URLs containing JavaScript and pass them to another user, where the script executes through the `setConsentText` function in the `consentAdmin` module. This vulnerability requires the `consentAdmin` module to be enabled and configured in an Identity Provider.
CPE

Name | Operator | Version |
---|---|---|
simplesamlphp/simplesamlphp | le | 1.14.15 |