Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-17T15:01:33
Updated: 2024-08-04T09:11:05.199Z
Reserved: 2020-01-13T00:00:00
Link: CVE-2020-6850
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-02-17T16:15:28.803
Modified: 2024-11-21T05:36:17.467
Link: CVE-2020-6850
Redhat
No data.