Page 5 of 23 results (0.018 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. El módulo sanitycheck en SimpleSAMLphp en versiones anteriores a 1.14.1 permite a atacantes remotos aprender la versión de PHP en el sistema a través de vectores no especificados. • http://www.securityfocus.com/bid/96134 https://simplesamlphp.org/security/201603-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter. Vulnerbilidad de ejecución de secuencias de comandos web en sitios cruzados (XSS) en logout.php en SimpleSAMLphp v1.8.1 y posiblemente otras versiones anterior a v1.8.2 permite a atacantes remotos inyectar código HTML o script web a través del parámetro 'link_href parameter'. • http://code.google.com/p/simplesamlphp/issues/detail?id=468 http://osvdb.org/78255 http://secunia.com/advisories/47491 http://www.openwall.com/lists/oss-security/2012/01/20/20 http://www.securityfocus.com/bid/51372 https://exchange.xforce.ibmcloud.com/vulnerabilities/72313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter. Vulnerbilidad de ejecución de secuencias de comandos web en sitios cruzados (XSS) en modules/core/www/no_cookie.php en SimpleSAMLphp v1.8.1 y posiblemente en otras versiones anteriores a v1.8.2 permite a atacantes remotos inyectar código HTML o script web a través del parámetro 'retryURL'. • http://code.google.com/p/simplesamlphp/issues/detail?id=468 http://osvdb.org/78254 http://secunia.com/advisories/47491 http://secunia.com/advisories/47534 http://www.debian.org/security/2012/dsa-2387 http://www.openwall.com/lists/oss-security/2012/01/20/20 http://www.securityfocus.com/bid/51372 https://exchange.xforce.ibmcloud.com/vulnerabilities/72313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •