CVE-2019-3872

Summary

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.

Affected Software

VendorProductVersion RangeStatus
Red Hatpicketlinkas shipped with Jboss Enterprise Application Platform 7.2.x and 7.1.xaffected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References