Описание
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 2.3-1build1 |
| hardy | DNE | |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | released | 2.0-2+lenny2build0.9.04.1 |
| karmic | ignored | end of life |
| lucid | not-affected | 2.3-1build1 |
| maverick | not-affected | 2.3-1build1 |
| natty | not-affected | 2.3-1build1 |
| oneiric | not-affected | 2.3-1build1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | ignored | end of life |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 2.3+dfsg-1build1 |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | 2.3+dfsg-1build1 |
| maverick | not-affected | 2.3+dfsg-1build1 |
| natty | not-affected | 2.3+dfsg-1build1 |
| oneiric | not-affected | 2.3+dfsg-1build1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.3.1-1 |
| hardy | DNE | |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | not-affected | 1.3.1-1 |
| maverick | not-affected | 1.3.1-1 |
| natty | not-affected | 1.3.1-1 |
| oneiric | not-affected | 1.3.1-1 |
Показывать по
Ссылки на источники
EPSS
2.6 Low
CVSS2
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Pr ...
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить целостность защищаемой информации
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить целостность защищаемой информации
EPSS
2.6 Low
CVSS2