Description
A SAMLRequest containing a script could be processed by the PicketLink versions shipped in JBoss Application Platform 7.2.x and 7.1.x. An attacker could use this to deliver a malicious script, achieve cross-site scripting, and obtain unauthorized information or conduct further attacks.
Remediation
References