exploitDog

CVE-2019-3872

Published: 10 Jun 2019
Source: redhat
CVSS3: 5.4

Description

It was found that a SAMLRequest containing a script could be processed by PicketLink versions shipped in JBoss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1688966 picketlink: reflected XSS in SAMLRequest via RelayState parameter

5.4 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.4
nvd
more than 6 years ago

It was found that a SAMLRequest containing a script could be processed by PicketLink versions shipped in JBoss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.

CVSS3: 5.4
github
more than 3 years ago

It was found that a SAMLRequest containing a script could be processed by PicketLink versions shipped in JBoss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.

CVSS3: 5.4
fstec
more than 6 years ago

A vulnerability in the JBoss Enterprise Application Platform exists due to a failure to take measures to preserve web page structure, allowing an attacker to conduct cross-site scripting attacks and disclose protected information.
