CVE-2019-3873
6.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Summary
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | picketlink | as shipped with Jboss Enterprise Application Server 7.2 | affected |
Weaknesses
- CWE-79: CWE-79
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.