CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2012-0040
https://notcve.org/view.php?id=CVE-2012-0040
Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter. Vulnerbilidad de ejecución de secuencias de comandos web en sitios cruzados (XSS) en modules/core/www/no_cookie.php en SimpleSAMLphp v1.8.1 y posiblemente en otras versiones anteriores a v1.8.2 permite a atacantes remotos inyectar código HTML o script web a través del parámetro 'retryURL'. • http://code.google.com/p/simplesamlphp/issues/detail?id=468 http://osvdb.org/78254 http://secunia.com/advisories/47491 http://secunia.com/advisories/47534 http://www.debian.org/security/2012/dsa-2387 http://www.openwall.com/lists/oss-security/2012/01/20/20 http://www.securityfocus.com/bid/51372 https://exchange.xforce.ibmcloud.com/vulnerabilities/72313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •