CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2015-5513
https://notcve.org/view.php?id=CVE-2015-5513
18 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. Vulnerabilidad de XSS en el módulo de autenticación Shibboleth 6.x-4.x en versiones anteriores a 6.x-4.2 y 7.x-4.x en versiones anteriores a 7.x-4.2 para Drupal, permite a usuarios remotos autenticados con lo... • http://www.openwall.com/lists/oss-security/2015/07/04/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3375
https://notcve.org/view.php?id=CVE-2015-3375
21 Apr 2015 — Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors. Vulnerabilidad de CSRF en el módulo Shibboleth Authentication anterior a 6.x-4.1 y 7.x-4.x anterior a 7.x-4.1 para Drupal permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que elimina... • http://www.openwall.com/lists/oss-security/2015/01/29/6 • CWE-352: Cross-Site Request Forgery (CSRF) •