CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27773 – SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding
https://notcve.org/view.php?id=CVE-2025-27773
11 Mar 2025 — The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue. • https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52806 – SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
https://notcve.org/view.php?id=CVE-2024-52806
02 Dec 2024 — SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. La librería SAML2 SimpleSAMLphp es una librería PHP para funciones relacionadas con SAML2. Al cargar un documento XML (no confiable), por ejemplo, SAMLResponse, es posible inducir un XXE. • https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52596 – SimpleSAMLphp xml-common XXE vulnerability
https://notcve.org/view.php?id=CVE-2024-52596
02 Dec 2024 — SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0. SimpleSAMLphp xml-common es una clase común para manejar estructuras XML. Al cargar un documento XML (no confiable), por ejemplo SAMLResponse, es posible inducir un XXE. • https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34580
https://notcve.org/view.php?id=CVE-2024-34580
26 Jun 2024 — Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault." Apache XML Security para C++ hasta 2.0.4 implementa la especificación de procesamiento y sintaxis de firma XML (XMLDsig) sin protección contra un payload SSRF en un elemento KeyInfo. NOTA: e... • https://cloud.google.com/blog/topics/threat-intelligence/apache-library-allows-server-side-request-forgery • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49087 – Validation of SignedInfo
https://notcve.org/view.php?id=CVE-2023-49087
30 Nov 2023 — xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it w... • https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-10008 – simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting
https://notcve.org/view.php?id=CVE-2010-10008
17 Jan 2023 — A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. • https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/commit/8365d48c863cf06ccf1465cc0a161cefae29d69d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2010-10004 – Information Cards Module cross site scripting
https://notcve.org/view.php?id=CVE-2010-10004
09 Jan 2023 — A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. • https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/f6bfea49ae16dc6e179df8306d39c3694f1ef186 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2010-10002 – SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting
https://notcve.org/view.php?id=CVE-2010-10002
01 Jan 2023 — A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38320 – simpleSAMLphp Authentication <= 0.7.0 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38320
08 Sep 2021 — The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0. El plugin simpleSAMLphp Authentication de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado debido a un valor $_SERVER["PHP_SELF"] reflejado en el archivo ~/simplesamlphp-authentication.php que permit... • https://plugins.trac.wordpress.org/browser/simplesamlphp-authentication/tags/0.7.0/simplesamlphp-authentication.php#L307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5301 – Information disclosure of source code in SimpleSAMLphp
https://notcve.org/view.php?id=CVE-2020-5301
21 Apr 2020 — SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is... • https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e • CWE-178: Improper Handling of Case Sensitivity CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •