CVE-2019-3873

Summary

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

Affected Software

VendorProductVersion RangeStatus
Red Hatpicketlinkas shipped with Jboss Enterprise Application Server 7.2affected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References