CVE-2017-18121
published 2018-02-02CVE-2017-18121: The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | simplesamlphp | < simplesamlphp 1.15.0-1 (bookworm) | simplesamlphp 1.15.0-1 (bookworm) |
| simplesamlphp | simplesamlphp | <= 1.14.15 | — |
| simplesamlphp | simplesamlphp | >= 0 < 1.15.0-1 | 1.15.0-1 |
| simplesamlphp | simplesamlphp | >= 0 < 1.15.0-1 | 1.15.0-1 |
| simplesamlphp | simplesamlphp | >= 1.12.0 < 1.14.16 | 1.14.16 |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM