simplesamlphp/simplesamlphp Security Advisories for v1.14.14 (10)

- [MEDIUM] SimpleSAMLphp Reflected Cross-site Scripting vulnerability
  PKSA-cs5w-msn4-qr4z GHSA-vpr3-cw3h-prw8
  Affected version: >=1.12.0,<1.17.3
  Reported by: GitHub

- [LOW] Log injection in SimpleSAMLphp
  PKSA-g1nk-699g-2gbq CVE-2020-5225 GHSA-6gc6-m364-85ww
  Affected version: <1.18.4
  Reported by: GitHub

- [CRITICAL] Reflected Cross-Site-Scripting
  PKSA-3x8n-wm49-n67d GHSA-fjr2-r2mp-484p
  Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.15.0|>=1.15.0,<1.16.0|>=1.16.0,<1.17.0|>=1.17.0,<1.17.3
  Reported by: GitHub, FriendsOfPHP/security-advisories

- [LOW] Information disclosure of source code
  PKSA-x565-3dmv-75hd CVE-2020-5301 GHSA-24m3-w8g9-jwpq
  Affected version: <1.18.6
  Reported by: GitHub, FriendsOfPHP/security-advisories

- [MEDIUM] Open redirection protection bypass
  PKSA-b12x-6nzb-bjj1 CVE-2018-6520 GHSA-2qfc-48v5-4w5h
  Affected version: <1.15.2
  Reported by: GitHub, FriendsOfPHP/security-advisories

- [CRITICAL] Use of insecure connection charset (sqlauth module)
  PKSA-2cdr-qj7j-y6rv CVE-2018-6521 GHSA-qv5p-6wrc-79wg
  Affected version: <1.15.2
  Reported by: GitHub, FriendsOfPHP/security-advisories

- [HIGH] Signature validation bypass (SAML 1.1)
  PKSA-sbzp-sfcv-rv5g CVE-2017-18122 GHSA-j4qf-3w33-8cgc
  Affected version: <1.14.17
  Reported by: GitHub, FriendsOfPHP/security-advisories

- [MEDIUM] Signature validation bypass
  PKSA-k6kb-6mrv-6jc6 GHSA-v858-922f-fj9v
  Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.14.17
  Reported by: GitHub, FriendsOfPHP/security-advisories

- [MEDIUM] Cross Site Scripting (XSS) in the consentAdmin module
  PKSA-fvmb-6b5t-2yv5 CVE-2017-18121 GHSA-fv7m-wc3v-wr3w
  Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.14.16
  Reported by: GitHub, FriendsOfPHP/security-advisories

- [MEDIUM] Invalid token creation and validation
  PKSA-xt5r-9jkw-6fks CVE-2017-12867 GHSA-597c-mh7m-48v7
  Affected version: >=1.14.0,<1.14.15
  Reported by: GitHub, FriendsOfPHP/security-advisories