RSS   Vulnerabilities for 'Saml sp single sign on'   RSS

2020-02-17
 
CVE-2020-6850

CWE-79
 

 
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.

 

 >>> Vendor: Miniorange 4 Products
Google authenticator
SAML
Saml sp single sign on
Oauth single sign on


Copyright 2024, cxsecurity.com

 

Back to Top