ghsa-59jq-66fv-jgww
Vulnerability from github
Published
2022-05-24 16:47
Modified
2024-04-04 00:56
Severity
Details
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
{ "affected": [], "aliases": [ "CVE-2019-3873" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-06-12T14:29:00Z", "severity": "CRITICAL" }, "details": "It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.", "id": "GHSA-59jq-66fv-jgww", "modified": "2024-04-04T00:56:43Z", "published": "2022-05-24T16:47:56Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3873" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/108739" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading...