Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-11-06T15:00:00
Updated: 2024-08-07T06:22:24.229Z
Reserved: 2009-09-22T00:00:00
Link: CVE-2009-3300
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-11-06T15:30:00.467
Modified: 2024-11-21T01:07:01.587
Link: CVE-2009-3300
Redhat
No data.