
CVE-2009-3300

Published: 06 November 2009

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.

Priority

Medium

Status

| Package | Release | Status |
| --- | --- | --- |
| opensaml2 | Upstream | Released (2.3) |
| shibboleth-sp | Upstream | Needs triage |
| shibboleth-sp2 | Upstream | Released (2.3) |
| xmltooling | Upstream | Released (1.3.1) |